On Fri, 2016-06-10 at 12:22 +0300, Alexander Bokovoy wrote: > On Fri, 10 Jun 2016, Pavel Grunt wrote: > > > > How does it affect info about auth failure provided by > > > > spice_channel_failed_authentication() ? > > > If c->auth_needs_username is set, spice_channel_failed_authentication() > > > will tell that a username is required. This is certainly true -- if SASL > > > GSSAPI failed, username/password are indeed required. So it wouldn't be > > > a problem, at least from my reading of the code and tests with spicy > > > tool. > > > > > > However, there is a problem with cases like virt-manager which assumes > > > there is only a password per channel required and never shows you a > > > request to enter username in case of SASL GSSAPI failure. When you enter > > > a password, the underlying code would complain that username is missing > > > but no way to enter username would be provided. This is virt-manager's > > > issue > > Is there a bug ? > No, now I'm not able to reproduce it when SASL GSSAPI is fixed. ok, I'm just asking :). I think virt-viewer / remote-viewer handles it correctly (shows dialog with username and password fields). But it may be interesting for virt-manager to have it fixed. > Do you want a bug for the case when you don't have a valid ticket in the > ccache? Not sure if spice-gtk should be taking care about validity of the ticket - it should report an error to the user > > > (not related to the patch - it would be nice to rewrite/clean up the "SASL" > > part > > of spice-channel.c) > There could be a bit of clean up but the main auth code is correct. > > I would perhaps added support to optionally allow TGT delegation but we > would need it only once we would build up a channel to sign in into a > VM so that TGT could be forwarded into a VM's ccache. > It can be good feature Thanks, Pavel _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel