Full /etc/sasl2/libvirt.conf: mech_list: digest-md5 sasldb_path: /etc/libvirt/passwd.db Also note that VDSM has to be patched to work on 7.4 with no issues. oVirt 3.6 and 4.1 have required fixes, but oVirt 4.0 doesn’t. On 04/10/2017, 18:44, "users-bounces@ovirt.org on behalf of Alan Griffiths" <users-bounces@ovirt.org on behalf of apgriffiths79@gmail.com> wrote: That didn't seem to make any difference. I can make it work by disabling authentication auth_unix_rw="none" in /etc/libvirt/libvirtd.conf On 4 October 2017 at 15:05, VONDRA Alain <AVONDRA@unicef.fr> wrote: > Hi, > Did you modify your /etc/sasl2/libvirt.conf, because the update has modify the way to authenticate from md5 to gssapi. > > If not just change this line : > mech_list: gssapi > to > mech_list: digest-md5 > > And restart services > > As mentioned in the libvirt.conf file : > > # NB, previously DIGEST-MD5 was set as the default mechanism for > # libvirt. Per RFC 6331 this is vulnerable to many serious security > # flaws and should no longer be used. Thus GSSAPI is now the default. > # > # To use GSSAPI requires that a libvirtd service principal is > # added to the Kerberos server for each host running libvirtd. > # This principal needs to be exported to the keytab file listed below > > Alain > > > > Alain VONDRA > > Chargé d'Exploitation et de Sécurité des Systèmes d'Information > Direction Administrative et Financière > +33 1 44 39 77 76 > > UNICEF France > 3 rue Duguay Trouin 75006 > PARIS > www.unicef.fr > -----Message d'origine----- > De : users-bounces@ovirt.org [mailto:users-bounces@ovirt.org] De la part de Alan Griffiths > Envoyé : mercredi 4 octobre 2017 15:50 > À : Ovirt Users <users@ovirt.org> > Objet : [ovirt-users] Ovirt 4.0 and EL 7.4 > > Hi, > > Is 4.0 supported/known to work on CentOS 7.4? > > I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with > > vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed > > To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7. > > So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4? > > Thanks, > > Alan > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users