[ovirt-users] Debian linux and oVirt SSO

Tadas tadas at ring.lt
Mon Jul 18 12:08:28 UTC 2016 

ovirt agent stops on this line and code below it is not executed:

https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agen
t/CredServer.py#L147



On Mon, 2016-07-18 at 14:12 +0300, Tadas wrote:
> This is really interesting.
> pam-ovirt-cred is randomly failing on one of two checks:
> 
> https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred
> /c
> red_channel.c#L107
> 
> and
> 
> https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred
> /c
> red_channel.c#L134
> 
> Theres  no pattern, on which step it will fail. Sometimes it fails on
> writing to socket sometimes on reading:
> 
> Jul 18 14:11:02 desktop64 cred-debug: recv() failed
> Jul 18 14:11:14 desktop64 cred-debug: send() failed
> Jul 18 14:11:18 desktop64 cred-debug: recv() failed
> Jul 18 14:11:23 desktop64 cred-debug: recv() failed
> Jul 18 14:11:28 desktop64 cred-debug: send() failed
> Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 
> at 09:51 +0300, Tadas wrote:
> > After moving to gdm, I've managed to solve the timeout issue. Now i
> > bumped into another one:
> > oVirt agent seem to emit credentials without error:
> > 
> > Dummy-1::DEBUG::2016-07-18
> > 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials
> > =
> > '\x00\x00\x00\x04test********\x00')
> > Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The
> > following users are allowed to connect: [0]
> > Dummy-1::DEBUG::2016-07-18
> > 09:29:53,294::CredServer::272::root::Token:
> > 250954
> > Dummy-1::INFO::2016-07-18
> > 09:29:53,294::CredServer::273::root::Opening
> > credentials channel...
> > Dummy-1::INFO::2016-07-18
> > 09:29:53,294::CredServer::132::root::Emitting
> > user authenticated signal (250954).
> > Dummy-1::INFO::2016-07-18
> > 09:29:53,349::CredServer::277::root::Credentials channel was
> > closed.
> > 
> > But pam module is failing:
> > gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to
> > acquire
> > user's credentials
> > 
> > After poking a bit I've managed to find, that module fails on:
> > 
> >     if (ret == -1) {
> >         D(("send() failed."));
> >         return -1;
> >     }
> > 
> > in cred_channel.c
> > 
> > 
> > Also, i have to mention, that there's no /etc/pamd/password-auth
> > file
> > in Debian Linux. I've copied it from Centos (it is needed by gdm-
> > ovirtcred.pam)
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/users
> > > 
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list