<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 15, 2016 at 12:50 PM, Tadas <span dir="ltr"><<a href="mailto:tadas@ring.lt" target="_blank">tadas@ring.lt</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
i'm struggling to get oVirt SSO working on Linux guest VM.<br>
I can confirm, that SSO is fully functional on Windows guest (please<br>
note it's not a full oVirt installation - I'm just testing oVirt guest<br>
agent on virtual machines running on plain KVM hypervisor).<br></blockquote><div><br></div><div>Part of the issue is that you are missing quite a bit of the orchestration that oVirt performs to make SSO work...</div><div>There may some other issues, but I warmly suggest using oVirt and not the undocumented APIs - which may or may not change in the future, between the agent and other components.</div><div> Y.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Steps I've made:<br>
got oVirt guest agent up and running, I can communicate with it from<br>
hypervisor:<br>
<br>
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<br>
vdi.0 -<br>
{"__name__": "os-version", "version": "4.6.0-1-amd64"}<br>
Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security<br>
<br>
Configured /etc/pam.d/kdm-ovirt-cred with:<br>
<br>
%PAM-1.0<br>
auth required pam_ovirt_cred.so<br>
auth include password-auth<br>
account include password-auth<br>
password include password-auth<br>
session required pam_selinux.so close<br>
session required pam_selinux.so open<br>
session include password-auth<br>
<br>
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4<br>
<br>
Configured /etc/kde4/kdm/kdmrc with:<br>
<br>
PluginsLogin=ovirtcred<br>
<br>
Symptoms:<br>
After starting kdm, I get login prompt with barely visible title (I<br>
assume it should spell "oVirt Authentication" from<br>
kgreet_ovirtcred.cpp). Username and password boxes are inactive - i<br>
cannot enter anything to them. After emitting username/password to<br>
oVirt agent, I can see the following log entries:<br>
<br>
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The<br>
following users are allowed to connect: [0]<br>
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening<br>
credentials channel...<br>
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting<br>
user authenticated signal (509542).<br>
CredChannel::INFO::2016-07-15<br>
12:29:56,634::CredServer::241::root::Credentials channel timed out.<br>
<br>
The only thing that worries me, - are the entries in kdm.log file:<br>
<br>
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have<br>
started the DBUS server. <br>
<br>
Since oVirt guest agent sends wakeup message to greeter plugin via<br>
Dbus, perhaps this is the problem? Maybe someone had the same problem<br>
here?<br>
This happens on Debian 8 and 9.<br>
<br>
Thank you.<br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
</blockquote></div><br></div></div>