This is a multi-part message in MIME format. ------=_NextPart_000_0019_01D1DEB4.405C10B0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable SSO part as simple as emitting correctly formed json to spice socket, - = as I=E2=80=99ve mentioned before, this works fine with windows guests. Problem is only with linux guests. As for undocummented API, yes, = =E2=80=93 you are right, documentation should help alot. It takes time = to reverse engineer code. But having full oVirt solution or not does not change the thing, that = there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very = confident, that this will persist if used Linux guest on oVirt. Perhaps = this is just Debian oriented problem, so I was wondering if anyone had = the same issue here. From: Yaniv Kaul=20 Sent: Friday, July 15, 2016 3:57 PM To: tadas@ring.lt=20 Cc: users=20 Subject: Re: [ovirt-users] Debian linux and oVirt SSO =20 Part of the issue is that you are missing quite a bit of the = orchestration that oVirt performs to make SSO work... There may some other issues, but I warmly suggest using oVirt and not = the undocumented APIs - which may or may not change in the future, = between the agent and other components. Y. Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to = /lib/x86_64-linux-gnu/security Configured /etc/pam.d/kdm-ovirt-cred with: %PAM-1.0 auth required pam_ovirt_cred.so auth include password-auth account include password-auth password include password-auth session required pam_selinux.so close session required pam_selinux.so open session include password-auth Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 Configured /etc/kde4/kdm/kdmrc with: PluginsLogin=3Dovirtcred Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. The only thing that worries me, - are the entries in kdm.log file: klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.=20 Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9. Thank you. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ------=_NextPart_000_0019_01D1DEB4.405C10B0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD></HEAD> <BODY dir=3Dltr> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <DIV>SSO part as simple as emitting correctly formed json to spice = socket, - as=20 I=E2=80=99ve mentioned before, this works fine with windows = guests.</DIV> <DIV>Problem is only with linux guests. As for undocummented API, yes, = =E2=80=93 you are=20 right, documentation should help alot. It takes time to reverse engineer = code.</DIV> <DIV>But having full oVirt solution or not does not change the thing, = that=20 there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very = confident, that this=20 will persist if used Linux guest on oVirt. Perhaps this is just Debian = oriented=20 problem, so I was wondering if anyone had the same issue here.</DIV> <DIV> </DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV style=3D"FONT: 10pt tahoma"> <DIV> </DIV> <DIV style=3D"BACKGROUND: #f5f5f5"> <DIV style=3D"font-color: black"><B>From:</B> <A = title=3Dykaul@redhat.com=20 href=3D"mailto:ykaul@redhat.com">Yaniv Kaul</A> </DIV> <DIV><B>Sent:</B> Friday, July 15, 2016 3:57 PM</DIV> <DIV><B>To:</B> <A title=3Dtadas@ring.lt=20 href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV> <DIV><B>Cc:</B> <A title=3Dusers@ovirt.org = href=3D"mailto:users@ovirt.org">users</A>=20 </DIV> <DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt=20 SSO</DIV></DIV></DIV> <DIV> </DIV></DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV dir=3Dltr> <DIV><BR> </DIV> <DIV class=3Dgmail_extra> <DIV class=3Dgmail_quote> <DIV> </DIV> <DIV>Part of the issue is that you are missing quite a bit of the = orchestration=20 that oVirt performs to make SSO work...</DIV> <DIV>There may some other issues, but I warmly suggest using oVirt and = not the=20 undocumented APIs - which may or may not change in the future, between = the agent=20 and other components.</DIV> <DIV>Y.</DIV> <DIV> </DIV> <BLOCKQUOTE class=3Dgmail_quote=20 style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc = 1px solid"><BR>Steps=20 I've made:<BR>got oVirt guest agent up and running, I can communicate = with it=20 from<BR>hypervisor:<BR><BR>socat=20 = /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<BR>vdi.0 = -<BR>{"__name__": "os-version", "version": = "4.6.0-1-amd64"}<BR>Compiled and=20 copied pam_ovirt_cred.so to = /lib/x86_64-linux-gnu/security<BR><BR>Configured=20 /etc/pam.d/kdm-ovirt-cred=20 = with:<BR><BR>%PAM-1.0<BR>auth =20 required =20 pam_ovirt_cred.so<BR>auth =20 include =20 password-auth<BR>account =20 include = password-auth<BR>password =20 include =20 password-auth<BR>session = required =20 pam_selinux.so close<BR>session =20 required pam_selinux.so=20 open<BR>session = include =20 password-auth<BR><BR>Compiled and copied kgreet_ovirtcred.so to=20 /usr/lib/kde4<BR><BR>Configured /etc/kde4/kdm/kdmrc=20 with:<BR><BR>PluginsLogin=3Dovirtcred<BR><BR>Symptoms:<BR>After = starting kdm, I=20 get login prompt with barely visible title (I<BR>assume it should = spell "oVirt=20 Authentication" from<BR>kgreet_ovirtcred.cpp). Username and password = boxes are=20 inactive - i<BR>cannot enter anything to them. After emitting=20 username/password to<BR>oVirt agent, I can see the following log=20 entries:<BR><BR>Dummy-1::INFO::2016-07-15=20 12:29:51,628::CredServer::207::root::The<BR>following users are = allowed to=20 connect: [0]<BR>Dummy-1::INFO::2016-07-15=20 12:29:51,629::CredServer::273::root::Opening<BR>credentials=20 channel...<BR>Dummy-1::INFO::2016-07-15=20 12:29:51,629::CredServer::132::root::Emitting<BR>user authenticated = signal=20 = (509542).<BR>CredChannel::INFO::2016-07-15<BR>12:29:56,634::CredServer::2= 41::root::Credentials=20 channel timed out.<BR><BR>The only thing that worries me, - are the = entries in=20 kdm.log file:<BR><BR>klauncher(6100) kdemain: No DBUS session-bus = found. Check=20 if you have<BR>started the DBUS server. <BR><BR>Since oVirt guest = agent sends=20 wakeup message to greeter plugin via<BR>Dbus, perhaps this is the = problem?=20 Maybe someone had the same problem<BR>here?<BR>This happens on Debian = 8 and=20 9.<BR><BR>Thank=20 = you.<BR><BR><BR>_______________________________________________<BR>Users = mailing list<BR><A = href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20 href=3D"http://lists.ovirt.org/mailman/listinfo/users" = rel=3Dnoreferrer=20 = target=3D_blank>http://lists.ovirt.org/mailman/listinfo/users</A><BR></BL= OCKQUOTE></DIV> <DIV> </DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML> ------=_NextPart_000_0019_01D1DEB4.405C10B0--