On Fri, Nov 30, 2012 at 03:56:14PM +0100, Natxo Asenjo wrote: > hi, > > sasl_allowed_username_list = ["admin@xxxxxxxxxxxxxxx" ] > > if I leave this field commented out (default setting), everybody can > manage the kvm host. Oh it isn't very obvious, but in this log message: > >> > 2012-11-30 12:00:53.403+0000: 7786: error : > >> > virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in 'admin' is the identity being matched against. We ought to quote that string int he log message to make it more obvious. So I guess SASL/GSSAPI is not giving us back the REALM, just the username So you need to change your whitelist to leave out the realm. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
