[ovirt-users] Debian linux and oVirt SSO

Vinzenz Feenstra vfeenstr at redhat.com
Fri Jul 15 11:54:44 UTC 2016 

> On Jul 15, 2016, at 11:50 AM, Tadas <tadas at ring.lt> wrote:
> 
> Hello,
> i'm struggling to get oVirt SSO working on Linux guest VM.
> I can confirm, that SSO is fully functional on Windows guest (please
> note it's not a full oVirt installation - I'm just testing oVirt guest
> agent on virtual machines running on plain KVM hypervisor).
> 
> Steps I've made:
> got oVirt guest agent up and running, I can communicate with it from
> hypervisor:
> 
> socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
> vdi.0 -
> {"__name__": "os-version", "version": "4.6.0-1-amd64"}
> Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security
> 
> Configured /etc/pam.d/kdm-ovirt-cred with:
> 
> %PAM-1.0
> auth        required    pam_ovirt_cred.so
> auth        include     password-auth
> account     include     password-auth
> password    include     password-auth
> session     required    pam_selinux.so close
> session     required    pam_selinux.so open
> session     include     password-auth
> 
> Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
> 
> Configured /etc/kde4/kdm/kdmrc with:
> 
> PluginsLogin=ovirtcred

you should just add ovirtcred and not remove all the other options, without the other options you’re not able to login

> 
> Symptoms:
> After starting kdm, I get login prompt with barely visible title (I
> assume it should spell "oVirt Authentication" from
> kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
> cannot enter anything to them. After emitting username/password to
> oVirt agent, I can see the following log entries:
> 
> Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
> following users are allowed to connect: [0]
> Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting
> user authenticated signal (509542).
> CredChannel::INFO::2016-07-15
> 12:29:56,634::CredServer::241::root::Credentials channel timed out.
> 
> The only thing that worries me, - are the entries in kdm.log file:
> 
> klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
> started the DBUS server. 

To me it looks like that you’re missing 
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/org.ovirt.vdsm.Credentials.conf <https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/org.ovirt.vdsm.Credentials.conf>



> 
> Since oVirt guest agent sends wakeup message to greeter plugin via
> Dbus, perhaps this is the problem? Maybe someone had the same problem
> here?
> This happens on Debian 8 and 9.


However the KDM support is basically not really developed anymore as the majority of our users are rather using GDM. So there’s quite the possibility that there’s a problem.

> 
> Thank you.
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160715/7d2948f9/attachment-0001.html>

More information about the Users mailing list