Hi! Some mysterious problem:

Host1 /etc/sasl2/libvirt.conf

    listen_tls = 0
    listen_tcp = 1
    mdns_adv = 0
    auth_unix_ro = "none"
    auth_unix_rw = "none"
    auth_tcp = "sasl"

Host2 /etc/sasl2/libvirt.conf

    listen_tls = 0
    listen_tcp = 1
    mdns_adv = 0
    auth_unix_ro = "none"
    auth_unix_rw = "none"
    auth_tcp = "sasl"

Host1 /etc/sasl2/libvirt.conf

    mech_list: gssapi
    keytab: /etc/libvirt/krb5.kqemu
    sasldb_path: /etc/libvirt/passwd.db

Host2 /etc/sasl2/libvirt.conf

    mech_list: gssapi
    keytab: /etc/libvirt/krb5.kqemu
    sasldb_path: /etc/libvirt/passwd.db

Since libvirtd ignores the keytab setting in /etc/sasl2/libvirtd.conf, there is an environment variable set:

    KRB5_KTNAME=/etc/libvirt/krb5.kqemu

This again on both hosts.

libvirtd must be started with "--listen" to make it respect the settings in /etc/libvirt/libvirt.conf. This is done on both hosts too.

Both hosts are known in DNS, and names resolve to the given addresses as addresses resolve to the given hostnames.

Now I get a ticket for my user (kinit username) and start virt-manager. All OK.

Hosts are defined within the virt-manager config with

    qemu+tcp://srv1.example.com
    qemu+tcp://srv2.example.com

For both of them there exists a principal:

    libvirt/[email protected]
    libvirt/[email protected]

OK. Let's connect to host 1: Asks for password!!
Now to host 2: all OK, logged in without any further question.

Any idea why this works on one host, but not on the other?

I can, on both hosts, log in with "ssh -K -X -l username srv?.example.com", no problem at all. Only libvirtd allows it on one host; on the other it does not.

--
Thomas
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
