Hi, I asked this before but as it was mixed with another question on the same message I guess nobody noticed: >>> I am experimenting with different security settings for libvirtd, so >>> I can give sysadmins administrative access to the KVM hypervisor >>> without giving them root access on the host. I had success using TLS >>> (with client-certs) and SASL, but have not managed to make polkit >>> and ssh to work so far. >>> >>> If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw a >>> local virsh connection gets this error: >>> >>> "Authorization requires authentication but no agent is available" >>> >>> Thus I'm using "sasl" for tcp and "none" for the unix socket. What should I have for libvirtd polkit authentication? I'd like to use regular user PAM passwords (either from local files or from LDAP). But I only managed to get working the other options: no auth, client-cert (TLS) or SASL digest-md5 own password database.
>>> When I try a "qemu+ssh" remote virsh connection evething works fine. I found no auth configuration on /etc/libvirt/libvirtd.conf for ssh connections. This means they are using unix sockets, like they were local connections? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
