4:50 a.m.
Hello,
i'm struggling to get oVirt SSO working on Linux guest VM.
I can confirm, that SSO is fully functional on Windows guest (please
note it's not a full oVirt installation - I'm just testing oVirt guest
agent on virtual machines running on plain KVM hypervisor).
Steps I've made:
got oVirt guest agent up and running, I can communicate with it from
hypervisor:
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
vdi.0 -
{"__name__": "os-version", "version":
"4.6.0-1-amd64"}
Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security
Configured /etc/pam.d/kdm-ovirt-cred with:
%PAM-1.0
auth required pam_ovirt_cred.so
auth include password-auth
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_selinux.so open
session include password-auth
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
Configured /etc/kde4/kdm/kdmrc with:
PluginsLogin=ovirtcred
Symptoms:
After starting kdm, I get login prompt with barely visible title (I
assume it should spell "oVirt Authentication" from
kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
cannot enter anything to them. After emitting username/password to
oVirt agent, I can see the following log entries:
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting
user authenticated signal (509542).
CredChannel::INFO::2016-07-15
12:29:56,634::CredServer::241::root::Credentials channel timed out.
The only thing that worries me, - are the entries in kdm.log file:
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
started the DBUS server.
Since oVirt guest agent sends wakeup message to greeter plugin via
Dbus, perhaps this is the problem? Maybe someone had the same problem
here?
This happens on Debian 8 and 9.
Thank you.
6:54 a.m.
--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On Jul 15, 2016, at 11:50 AM, Tadas <tadas(a)ring.lt> wrote:
=20
Hello,
i'm struggling to get oVirt SSO working on Linux guest VM.
I can confirm, that SSO is fully functional on Windows guest (please
note it's not a full oVirt installation - I'm just testing oVirt guest
agent on virtual machines running on plain KVM hypervisor).
=20
Steps I've made:
got oVirt guest agent up and running, I can communicate with it from
hypervisor:
=20
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
vdi.0 -
{"__name__": "os-version", "version":
"4.6.0-1-amd64"}
Compiled and copied pam_ovirt_cred.so to =
/lib/x86_64-linux-gnu/security
=20
Configured /etc/pam.d/kdm-ovirt-cred with:
=20
%PAM-1.0
auth required pam_ovirt_cred.so
auth include password-auth
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_selinux.so open
session include password-auth
=20
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
=20
Configured /etc/kde4/kdm/kdmrc with:
=20
PluginsLogin=3Dovirtcred
you should just add ovirtcred and not remove all the other options, =
without the other options you=E2=80=99re not able to login
=20
Symptoms:
After starting kdm, I get login prompt with barely visible title (I
assume it should spell "oVirt Authentication" from
kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
cannot enter anything to them. After emitting username/password to
oVirt agent, I can see the following log entries:
=20
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-15 =
12:29:51,629::CredServer::132::root::Emitting
user authenticated signal (509542).
CredChannel::INFO::2016-07-15
12:29:56,634::CredServer::241::root::Credentials channel timed out.
=20
The only thing that worries me, - are the entries in kdm.log file:
=20
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
started the DBUS server.=20
To me it looks like that you=E2=80=99re missing=20
=
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/o=
rg.ovirt.vdsm.Credentials.conf =
<https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/=
org.ovirt.vdsm.Credentials.conf>
=20
Since oVirt guest agent sends wakeup message to greeter plugin via
Dbus, perhaps this is the problem? Maybe someone had the same problem
here?
This happens on Debian 8 and 9.
However the KDM support is basically not really developed anymore as the =
majority of our users are rather using GDM. So there=E2=80=99s quite the =
possibility that there=E2=80=99s a problem.
=20
Thank you.
=20
=20
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type"
content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On Jul 15, 2016, at 11:50 AM, Tadas <<a =
href=3D"mailto:tadas@ring.lt"
class=3D"">tadas(a)ring.lt</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D""><div =
class=3D"">Hello,<br class=3D"">i'm struggling to get
oVirt SSO working =
on Linux guest VM.<br class=3D"">I can confirm, that SSO is fully =
functional on Windows guest (please<br class=3D"">note it's not a full
=
oVirt installation - I'm just testing oVirt guest<br class=3D"">agent
on =
virtual machines running on plain KVM hypervisor).<br class=3D""><br =
class=3D"">Steps I've made:<br class=3D"">got oVirt guest
agent up and =
running, I can communicate with it from<br class=3D"">hypervisor:<br =
class=3D""><br class=3D"">socat =
/var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<br =
class=3D"">vdi.0 -<br class=3D"">{"__name__":
"os-version", "version": =
"4.6.0-1-amd64"}<br class=3D"">Compiled and copied
pam_ovirt_cred.so =
to /lib/x86_64-linux-gnu/security<br class=3D""><br =
class=3D"">Configured /etc/pam.d/kdm-ovirt-cred with:<br
class=3D""><br =
class=3D"">%PAM-1.0<br =
class=3D"">auth required&nb=
sp; pam_ovirt_cred.so<br =
class=3D"">auth include&nbs=
p; password-auth<br =
class=3D"">account include &=
nbsp; password-auth<br =
class=3D"">password include =
password-auth<br =
class=3D"">session required =
pam_selinux.so close<br =
class=3D"">session required =
pam_selinux.so open<br =
class=3D"">session include &=
nbsp; password-auth<br class=3D""><br
class=3D"">Compiled and =
copied kgreet_ovirtcred.so to /usr/lib/kde4<br class=3D""><br
=
class=3D"">Configured /etc/kde4/kdm/kdmrc with:<br
class=3D""><br =
class=3D"">PluginsLogin=3Dovirtcred<br =
class=3D""></div></div></blockquote><div><br
class=3D""></div><div>you =
should just add ovirtcred and not remove all the other options, without =
the other options you=E2=80=99re not able to login</div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D""><br class=3D"">Symptoms:<br
class=3D"">After starting kdm, I =
get login prompt with barely visible title (I<br class=3D"">assume it =
should spell "oVirt Authentication" from<br =
class=3D"">kgreet_ovirtcred.cpp). Username and password boxes are =
inactive - i<br class=3D"">cannot enter anything to them. After emitting
=
username/password to<br class=3D"">oVirt agent, I can see the following =
log entries:<br class=3D""><br
class=3D"">Dummy-1::INFO::2016-07-15 =
12:29:51,628::CredServer::207::root::The<br class=3D"">following users =
are allowed to connect: [0]<br class=3D"">Dummy-1::INFO::2016-07-15 =
12:29:51,629::CredServer::273::root::Opening<br class=3D"">credentials =
channel...<br class=3D"">Dummy-1::INFO::2016-07-15 =
12:29:51,629::CredServer::132::root::Emitting<br class=3D"">user =
authenticated signal (509542).<br =
class=3D"">CredChannel::INFO::2016-07-15<br =
class=3D"">12:29:56,634::CredServer::241::root::Credentials channel =
timed out.<br class=3D""><br class=3D"">The only thing
that worries me, =
- are the entries in kdm.log file:<br class=3D""><br =
class=3D"">klauncher(6100) kdemain: No DBUS session-bus found. Check if =
you have<br class=3D"">started the DBUS server. <br =
class=3D""></div></div></blockquote><div><br
class=3D""></div><div>To me =
it looks like that you=E2=80=99re missing </div><div><a =
href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt...
-agent/org.ovirt.vdsm.Credentials.conf" =
class=3D"">https://github.com/oVirt/ovirt-guest-agent/blob/m...
est-agent/org.ovirt.vdsm.Credentials.conf</a></div><div><br =
class=3D""></div><div><br
class=3D""></div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div
class=3D""><br =
class=3D"">Since oVirt guest agent sends wakeup message to greeter =
plugin via<br class=3D"">Dbus, perhaps this is the problem? Maybe =
someone had the same problem<br class=3D"">here?<br
class=3D"">This =
happens on Debian 8 and 9.<br
class=3D""></div></div></blockquote><div><br=
class=3D""></div><div><br
class=3D""></div><div>However the KDM support =
is basically not really developed anymore as the majority of our users =
are rather using GDM. So there=E2=80=99s quite the possibility that =
there=E2=80=99s a problem.</div><br class=3D""><blockquote
type=3D"cite" =
class=3D""><div class=3D""><div
class=3D""><br class=3D"">Thank you.<br =
class=3D""><br class=3D""><br =
class=3D"">_______________________________________________<br =
class=3D"">Users mailing list<br class=3D""><a =
href=3D"mailto:Users@ovirt.org"
class=3D"">Users(a)ovirt.org</a><br =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br =
class=3D""></div></div></blockquote></div><br
class=3D""></body></html>=
--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C--
10:09 a.m.
This is a multi-part message in MIME format.
------=_NextPart_000_0074_01D1DEC4.1835A460
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Thank you for reply.
you =3Dhould just add ovirtcred and not remove all the other =
options, without =3Dhe other options you=E2=80=99re not able to login
There are other options, i=E2=80=99ve just changed the folowing =
parameter:
PluginsLogin=3Dovirtcred
should i use somekind of plugin list and add the classic plugin also? =
eg:
PluginsLogin=3Dclassic, ovirtcred
To me =3Dt looks like that you=E2=80=99re missing=20
=
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agen=
t/org.ovirt.vdsm.Credentials.conf
seems you are right. Now i do see ovirt in dbus sessions:
DISPLAY=3D:0.0 dbus-send --system --dest=3Dorg.freedesktop.DBus =
--type=3Dmethod_call --print-reply /org/freedesktop/DBus =
org.freedesktop.DBus.ListNames
array [
string "org.freedesktop.DBus"
string "org.freedesktop.login1"
string ":1.72"
string ":1.171"
string "org.freedesktop.systemd1"
string "org.freedesktop.PolicyKit1"
string ":1.360"
string ":1.66"
string "org.freedesktop.PackageKit"
string ":1.67"
string "org.freedesktop.UPower"
string ":1.363"
string ":1.0"
string "org.freedesktop.UDisks2"
string ":1.68"
string ":1.364"
string "org.ovirt.vdsm.Credentials"
string ":1.365"
string ":1.366"
string "org.freedesktop.RealtimeKit1"
]
But still getting the samer error:
Dummy-1::INFO::2016-07-15 =
18:08:12,299::OVirtAgentLogic::294::root::Received an external command: =
login...
Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The =
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening =
credentials channel...
Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::132::root::Emitting =
user authenticated signal (656949).
CredChannel::INFO::2016-07-15 =
18:08:17,306::CredServer::241::root::Credentials channel timed out.
Dummy-1::INFO::2016-07-15 =
18:08:17,307::CredServer::277::root::Credentials channel was closed.
However the KDM support =3Ds basically not really developed =
anymore as the majority of our users =3Dre rather using GDM. So =
there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s a problem.
Well, i=E2=80=99m having different issues while trying to compile gdm =
plugin:
configure: error: Package requirements (dbus-glib-1 >=3D 0.74
gdmsimplegreeter >=3D 3.2.1.1
gobject-2.0 >=3D 2.22.0
gtk+-2.0 >=3D 2.18.0
) were not met:
Package gdmsimplegreeter was not found in the pkg-config search path.
Found no information, o how to get gdmsimplegreeter.
Thank you.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
=3D
------=_NextPart_000_0074_01D1DEC4.1835A460
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD>
<META content=3D"text/html =3Dharset=3Dutf-8" =
http-equiv=3DContent-Type></HEAD>
<BODY=20
style=3D"WORD-WRAP: break-word; webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space"=20
dir=3Dltr =3D'lass=3D""'>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR:
#000000">
<DIV>Thank you for reply.</DIV>
<DIV> </DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV style=3D"FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"></DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'> =20
you =3Dhould just add ovirtcred and not remove all the other options, =
without =3Dhe=20
other options you=E2=80=99re not able to login</DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'> </DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>There=20
are other options, i=E2=80=99ve just changed the folowing =
parameter:</DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'><FONT=20
style=3D"BACKGROUND-COLOR: #ffffff"=20
face=3D"Times New
Roman">PluginsLogin=3Dovirtcred</FONT></DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'><FONT=20
face=3D"Times New Roman">should i use somekind of plugin list and add =
the classic=20
plugin also? eg:</FONT></DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'><FONT=20
style=3D"BACKGROUND-COLOR: #ffffff" face=3D"Times New =
Roman">PluginsLogin=3Dclassic,=20
ovirtcred</FONT></DIV></DIV></DIV>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV =3D'lass=3D""'>To me =3Dt looks like that you=E2=80=99re
missing =
</DIV>
<DIV =3D'lass=3D""'><A=20
=
href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt...
st-agent/org.ovirt.vdsm.Credentials.conf"=20
=
=3D'ref=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-g=
uest=3Dagent/org.ovirt.vdsm.Credentials.conf"'>https://github...
virt-guest-agent/blob/master/ovirt-gu=3Dst-agent/org.ovirt.vdsm.Credentia=
ls.conf</A></DIV>
<DIV =3D'lass=3D""'> </DIV>
<DIV =3D'lass=3D""'> </DIV>
<DIV> </DIV></DIV></BLOCKQUOTE>
<DIV =3D'lass=3D""'>seems you are right. Now i do see ovirt in
dbus =
sessions:</DIV>
<DIV =3D'lass=3D""'> </DIV>
<DIV =3D'lass=3D""'>DISPLAY=3D:0.0 dbus-send --system =
--dest=3Dorg.freedesktop.DBus=20
--type=3Dmethod_call --print-reply /org/freedesktop/DBus=20
org.freedesktop.DBus.ListNames</DIV>
<DIV =3D'lass=3D""'> </DIV>
<DIV>array [</DIV>
<DIV> string "org.freedesktop.DBus"</DIV>
<DIV> string "org.freedesktop.login1"</DIV>
<DIV> string ":1.72"</DIV>
<DIV> string ":1.171"</DIV>
<DIV> string "org.freedesktop.systemd1"</DIV>
<DIV> string "org.freedesktop.PolicyKit1"</DIV>
<DIV> string ":1.360"</DIV>
<DIV> string ":1.66"</DIV>
<DIV> string "org.freedesktop.PackageKit"</DIV>
<DIV> string ":1.67"</DIV>
<DIV> string "org.freedesktop.UPower"</DIV>
<DIV> string ":1.363"</DIV>
<DIV> string ":1.0"</DIV>
<DIV> string "org.freedesktop.UDisks2"</DIV>
<DIV> string ":1.68"</DIV>
<DIV> string ":1.364"</DIV>
<DIV> string "org.ovirt.vdsm.Credentials"</DIV>
<DIV> string ":1.365"</DIV>
<DIV> string ":1.366"</DIV>
<DIV> string
"org.freedesktop.RealtimeKit1"</DIV>
<DIV>]</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>But still getting the samer error:</DIV>
<DIV> </DIV>
<DIV>Dummy-1::INFO::2016-07-15=20
18:08:12,299::OVirtAgentLogic::294::root::Received an external command:=20
login...</DIV>
<DIV>Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The=20
following users are allowed to connect: [0]</DIV>
<DIV>Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::273::root::Opening=20
credentials channel...</DIV>
<DIV>Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::132::root::Emitting=20
user authenticated signal (656949).</DIV>
<DIV>CredChannel::INFO::2016-07-15=20
18:08:17,306::CredServer::241::root::Credentials channel timed =
out.</DIV>
<DIV>Dummy-1::INFO::2016-07-15 =
18:08:17,307::CredServer::277::root::Credentials=20
channel was closed.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> However
the KDM support =
=3Ds=20
basically not really developed anymore as the majority of our users =
=3Dre rather=20
using GDM. So there=E2=80=99s quite the possibility that =
=3Dhere=E2=80=99s a problem.</DIV>
<DIV> </DIV>
<DIV>Well, i=E2=80=99m having different issues while trying to compile =
gdm plugin:</DIV>
<DIV>configure: error: Package requirements (dbus-glib-1 >=3D =
0.74</DIV>
<DIV> &n=
bsp; =20
gdmsimplegreeter >=3D 3.2.1.1</DIV>
<DIV> &n=
bsp; =20
gobject-2.0 >=3D 2.22.0</DIV>
<DIV> &n=
bsp; =20
gtk+-2.0 >=3D 2.18.0</DIV>
<DIV> ) were
not met:</DIV>
<DIV> </DIV>
<DIV>Package gdmsimplegreeter was not found in the pkg-config search =
path.</DIV>
<DIV>Found no information, o how to get gdmsimplegreeter.</DIV>
<DIV> </DIV>
<DIV><BR></DIV>
<BLOCKQUOTE =3D'lass=3D""' type=3D"cite">
<DIV>
<DIV><BR>Thank you.<BR
=3D'lass=3D""'><BR><BR=20
=3D'lass=3D""'>_______________________________________________<BR
=
=3D'lass=3D""'>Users=20
mailing list<BR><A =
=3D'ref=3D"mailto:Users@ovirt.org"'>Users@ovirt.org</A><BR=20
=3D'lass=3D""'>http://lists.ovirt.org/mailman/listinfo/users<BR=20
=
=3D'lass=3D""'></DIV></DIV></BLOCKQUOTE><BR>=3D</DIV></DIV></DIV></BODY><=
/HTML>
------=_NextPart_000_0074_01D1DEC4.1835A460--
11:35 a.m.
--Apple-Mail=_DD882099-DC3E-4BF2-B01A-AB5F269FD384
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On Jul 15, 2016, at 5:09 PM, Tadas <tadas(a)ring.lt> wrote:
=20
Thank you for reply.
=20
=20
you =3Dhould just add ovirtcred and not remove all the other =
options, without
=3Dhe other options you=E2=80=99re not able to login
=20
There are other options, i=E2=80=99ve just changed the folowing =
parameter:
PluginsLogin=3Dovirtcred
should i use somekind of plugin list and add the classic plugin also? =
eg:
PluginsLogin=3Dclassic, ovirtcred
> To me =3Dt looks like that you=E2=80=99re missing
> =
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agent=
/org.ovirt.vdsm.Credentials.conf =
<https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agen=
t/org.ovirt.vdsm.Credentials.conf>
> =20
> =20
> =20
seems you are right. Now i do see ovirt in dbus sessions:
=20
DISPLAY=3D:0.0 dbus-send --system --dest=3Dorg.freedesktop.DBus =
--type=3Dmethod_call --print-reply /org/freedesktop/DBus =
org.freedesktop.DBus.ListNames
=20
array [
string "org.freedesktop.DBus"
string "org.freedesktop.login1"
string ":1.72"
string ":1.171"
string "org.freedesktop.systemd1"
string "org.freedesktop.PolicyKit1"
string ":1.360"
string ":1.66"
string "org.freedesktop.PackageKit"
string ":1.67"
string "org.freedesktop.UPower"
string ":1.363"
string ":1.0"
string "org.freedesktop.UDisks2"
string ":1.68"
string ":1.364"
string "org.ovirt.vdsm.Credentials"
string ":1.365"
string ":1.366"
string "org.freedesktop.RealtimeKit1"
]
=20
=20
But still getting the samer error:
=20
Dummy-1::INFO::2016-07-15 =
18:08:12,299::OVirtAgentLogic::294::root::Received an
external command: =
login...
Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The =
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15
18:08:12,300::CredServer::273::root::Opening =
credentials channel...
Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::132::root::Emitting user authenticated signal =
(656949).
CredChannel::INFO::2016-07-15 =
18:08:17,306::CredServer::241::root::Credentials channel timed out.
Dummy-1::INFO::2016-07-15 =
18:08:17,307::CredServer::277::root::Credentials channel was closed.
=20
=20
However the KDM support =3Ds basically not really developed =
anymore as
the majority of our users =3Dre rather using GDM. So =
there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s a problem.
=20
Well, i=E2=80=99m having different issues while trying to compile gdm =
plugin:
configure: error: Package requirements (dbus-glib-1 >=3D 0.74
gdmsimplegreeter >=3D 3.2.1.1
gobject-2.0 >=3D 2.22.0
gtk+-2.0 >=3D 2.18.0
) were not met:
=20
Package gdmsimplegreeter was not found in the pkg-config search path.
Found no information, o how to get gdmsimplegreeter.
That=E2=80=99s for GDM < 3.8ish from 3.10 we have the GDM SSO code =
builtin GNOME you only need that the conf file and the pam extension =
plus the gdm-ovirtcred pam config
=20
=20
>=20
> Thank you.
>=20
>=20
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org <>
> http://lists.ovirt.org/mailman/listinfo/users
=20
=3D
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_DD882099-DC3E-4BF2-B01A-AB5F269FD384
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type"
content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On Jul 15, 2016, at 5:09 PM, Tadas <<a =
href=3D"mailto:tadas@ring.lt"
class=3D"">tadas(a)ring.lt</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D"">
<meta content=3D"text/html =3Dharset=3Dutf-8"
http-equiv=3D"Content-Type" =
class=3D"">
<div style=3D"WORD-WRAP: break-word; webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space" dir=3D"ltr"
=3D'lass=3D"" '=3D"" =
class=3D"">
<div dir=3D"ltr" class=3D"">
<div style=3D"font-size: 12pt; font-family: Calibri;"
class=3D"">
<div class=3D"">Thank you for reply.</div>
<div class=3D""> </div>
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D"">
<div style=3D"FONT: 10pt tahoma" class=3D"">
<div class=3D""> </div>
<div style=3D"BACKGROUND: #f5f5f5" class=3D"">
<div style=3D"font-color: black" class=3D""></div>
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D""> =20
you =3Dhould just add ovirtcred and not remove all the other options, =
without =3Dhe=20
other options you=E2=80=99re not able to login</div></div>
<div style=3D"font-color: black" class=3D"">
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D""> </div></div>
<div style=3D"font-color: black" class=3D"">
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D"">There=20
are other options, i=E2=80=99ve just changed the folowing =
parameter:</div></div>
<div style=3D"font-color: black" class=3D"">
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D""><font style=3D"BACKGROUND-COLOR: #ffffff"
face=3D"Times New =
Roman"
class=3D"">PluginsLogin=3Dovirtcred</font></div></div>
<div style=3D"font-color: black" class=3D"">
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D""><font face=3D"Times New Roman"
class=3D"">should i use =
somekind of plugin list and add the classic=20
plugin also? eg:</font></div></div>
<div style=3D"font-color: black" class=3D"">
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D""><font style=3D"BACKGROUND-COLOR: #ffffff"
face=3D"Times New =
Roman" class=3D"">PluginsLogin=3Dclassic,=20
ovirtcred</font></div></div></div>
<blockquote type=3D"cite" class=3D"">
<div class=3D"">
<div =3D'lass=3D"" '=3D"" class=3D"">To me
=3Dt looks like that =
you=E2=80=99re missing </div>
<div =3D'lass=3D"" '=3D"" class=3D""><a
=
href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt...
st-agent/org.ovirt.vdsm.Credentials.conf" =
=3D'ref=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=
est=3Dagent/org.ovirt.vdsm.Credentials.conf" '=3D"" =
class=3D"">https://github.com/oVirt/ovirt-guest-agent/blob/m...
=3Dst-agent/org.ovirt.vdsm.Credentials.conf</a></div>
<div =3D'lass=3D"" '=3D""
class=3D""> </div>
<div =3D'lass=3D"" '=3D""
class=3D""> </div>
<div class=3D""> </div></div></blockquote>
<div =3D'lass=3D"" '=3D"" class=3D"">seems you
are right. Now i do see =
ovirt in dbus sessions:</div>
<div =3D'lass=3D"" '=3D""
class=3D""> </div>
<div =3D'lass=3D"" '=3D""
class=3D"">DISPLAY=3D:0.0 dbus-send --system =
--dest=3Dorg.freedesktop.DBus=20
--type=3Dmethod_call --print-reply /org/freedesktop/DBus=20
org.freedesktop.DBus.ListNames</div>
<div =3D'lass=3D"" '=3D""
class=3D""> </div>
<div class=3D"">array [</div>
<div class=3D""> string
"org.freedesktop.DBus"</div>
<div class=3D""> string
"org.freedesktop.login1"</div>
<div class=3D""> string ":1.72"</div>
<div class=3D""> string
":1.171"</div>
<div class=3D""> string
"org.freedesktop.systemd1"</div>
<div class=3D""> string
"org.freedesktop.PolicyKit1"</div>
<div class=3D""> string
":1.360"</div>
<div class=3D""> string ":1.66"</div>
<div class=3D""> string
"org.freedesktop.PackageKit"</div>
<div class=3D""> string ":1.67"</div>
<div class=3D""> string
"org.freedesktop.UPower"</div>
<div class=3D""> string
":1.363"</div>
<div class=3D""> string ":1.0"</div>
<div class=3D""> string
"org.freedesktop.UDisks2"</div>
<div class=3D""> string ":1.68"</div>
<div class=3D""> string
":1.364"</div>
<div class=3D""> string
"org.ovirt.vdsm.Credentials"</div>
<div class=3D""> string
":1.365"</div>
<div class=3D""> string
":1.366"</div>
<div class=3D""> string
"org.freedesktop.RealtimeKit1"</div>
<div class=3D"">]</div>
<div class=3D""> </div>
<div class=3D""> </div>
<div class=3D"">But still getting the samer error:</div>
<div class=3D""> </div>
<div class=3D"">Dummy-1::INFO::2016-07-15=20
18:08:12,299::OVirtAgentLogic::294::root::Received an external command:=20=
login...</div>
<div class=3D"">Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::207::root::The=20
following users are allowed to connect: [0]</div>
<div class=3D"">Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::273::root::Opening=20
credentials channel...</div>
<div class=3D"">Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::132::root::Emitting=20
user authenticated signal (656949).</div>
<div class=3D"">CredChannel::INFO::2016-07-15=20
18:08:17,306::CredServer::241::root::Credentials channel timed =
out.</div>
<div class=3D"">Dummy-1::INFO::2016-07-15 =
18:08:17,307::CredServer::277::root::Credentials=20
channel was closed.</div>
<div class=3D""> </div>
<div class=3D""> </div>
<div
class=3D"">
However the =
KDM support =3Ds=20
basically not really developed anymore as the majority of our users =3Dre =
rather=20
using GDM. So there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s=
a problem.</div>
<div class=3D""> </div>
<div class=3D"">Well, i=E2=80=99m having different issues while trying =
to compile gdm plugin:</div>
<div class=3D"">configure: error: Package requirements (dbus-glib-1 =
>=3D 0.74</div>
<div =
class=3D""> &nb=
sp; =20
gdmsimplegreeter >=3D 3.2.1.1</div>
<div =
class=3D""> &nb=
sp; =20
gobject-2.0 >=3D 2.22.0</div>
<div =
class=3D""> &nb=
sp; =20
gtk+-2.0 >=3D 2.18.0</div>
<div
class=3D"">
) were not =
met:</div>
<div class=3D""> </div>
<div class=3D"">Package gdmsimplegreeter was not found in the pkg-config
=
search path.</div>
<div class=3D"">Found no information, o how to get =
gdmsimplegreeter.</div></div></div></div></div></div></blockquote><div><br=
class=3D""></div><div>That=E2=80=99s for GDM < 3.8ish
from 3.10 we =
have the GDM SSO code builtin GNOME you only need that the conf file and =
the pam extension plus the gdm-ovirtcred pam config</div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
style=3D"WORD-WRAP: break-word; webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space" dir=3D"ltr"
=3D'lass=3D"" '=3D"" =
class=3D""><div dir=3D"ltr" class=3D""><div
style=3D"font-size: 12pt; =
font-family: Calibri;" class=3D""><div style=3D"font-size:
small; =
text-decoration: none; font-family: Calibri; font-weight: normal; =
font-style: normal; display: inline;" class=3D"">
<div class=3D""> </div>
<div class=3D""><br class=3D""></div>
<blockquote =3D'lass=3D"" '=3D"" type=3D"cite"
class=3D"">
<div class=3D"">
<div class=3D""><br class=3D"">Thank you.<br
=3D'lass=3D"" '=3D"" =
class=3D""><br class=3D""><br =3D'lass=3D""
'=3D"" =
class=3D"">_______________________________________________<br
=3D'lass=3D"=
" '=3D"" class=3D"">Users=20
mailing list<br class=3D""><a
=3D'ref=3D"mailto:Users@ovirt.org" '=3D"" =
class=3D"">Users(a)ovirt.org</a><br =3D'lass=3D""
'=3D"" class=3D""><a =
href=3D"http://lists.ovirt.org/mailman/listinfo/users" =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<... =
=3D'lass=3D"" '=3D""
class=3D""></div></div></blockquote><br =
class=3D"">=3D</div></div></div></div>
_______________________________________________<br class=3D"">Users =
mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org"
=
class=3D"">Users(a)ovirt.org</a><br =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br =
class=3D""></div></blockquote></div><br
class=3D""></body></html>=
--Apple-Mail=_DD882099-DC3E-4BF2-B01A-AB5F269FD384--
12:30 p.m.
This is a multi-part message in MIME format.
------=_NextPart_000_002B_01D1DED7.B0022300
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Aha. Thank you. Will try this one
From: Vinzenz Feenstra=20
Sent: Friday, July 15, 2016 7:35 PM
To: Tadas=20
Cc: users(a)ovirt.org=20
Subject: Re: [ovirt-users] Debian linux and oVirt SSO
On Jul 15, 2016, at 5:09 PM, Tadas <tadas(a)ring.lt> wrote:
Thank you for reply.
you =3Dhould just add ovirtcred and not remove all the other =
options, without =3Dhe other options you=E2=80=99re not able to login
There are other options, i=E2=80=99ve just changed the folowing =
parameter:
PluginsLogin=3Dovirtcred
should i use somekind of plugin list and add the classic plugin also? =
eg:
PluginsLogin=3Dclassic, ovirtcred
To me =3Dt looks like that you=E2=80=99re missing=20
=
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agen=
t/org.ovirt.vdsm.Credentials.conf
seems you are right. Now i do see ovirt in dbus sessions:
DISPLAY=3D:0.0 dbus-send --system --dest=3Dorg.freedesktop.DBus =
--type=3Dmethod_call --print-reply /org/freedesktop/DBus =
org.freedesktop.DBus.ListNames
array [
string "org.freedesktop.DBus"
string "org.freedesktop.login1"
string ":1.72"
string ":1.171"
string "org.freedesktop.systemd1"
string "org.freedesktop.PolicyKit1"
string ":1.360"
string ":1.66"
string "org.freedesktop.PackageKit"
string ":1.67"
string "org.freedesktop.UPower"
string ":1.363"
string ":1.0"
string "org.freedesktop.UDisks2"
string ":1.68"
string ":1.364"
string "org.ovirt.vdsm.Credentials"
string ":1.365"
string ":1.366"
string "org.freedesktop.RealtimeKit1"
]
But still getting the samer error:
Dummy-1::INFO::2016-07-15 =
18:08:12,299::OVirtAgentLogic::294::root::Received an external command: =
login...
Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The =
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening =
credentials channel...
Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::132::root::Emitting user authenticated signal =
(656949).
CredChannel::INFO::2016-07-15 =
18:08:17,306::CredServer::241::root::Credentials channel timed out.
Dummy-1::INFO::2016-07-15 =
18:08:17,307::CredServer::277::root::Credentials channel was closed.
However the KDM support =3Ds basically not really developed =
anymore as the majority of our users =3Dre rather using GDM. So =
there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s a problem.
Well, i=E2=80=99m having different issues while trying to compile gdm =
plugin:
configure: error: Package requirements (dbus-glib-1 >=3D 0.74
gdmsimplegreeter >=3D 3.2.1.1
gobject-2.0 >=3D 2.22.0
gtk+-2.0 >=3D 2.18.0
) were not met:
Package gdmsimplegreeter was not found in the pkg-config search path.
Found no information, o how to get gdmsimplegreeter.
That=E2=80=99s for GDM < 3.8ish from 3.10 we have the GDM SSO code =
builtin GNOME you only need that the conf file and the pam extension =
plus the gdm-ovirtcred pam config
Thank you.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
=3D
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
------=_NextPart_000_002B_01D1DED7.B0022300
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD>
<META content=3D"text/html charset=3Dutf-8" =
http-equiv=3DContent-Type></HEAD>
<BODY=20
style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space"=20
dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR:
#000000">
<DIV>Aha. Thank you. Will try this one</DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV style=3D"FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"><B>From:</B> <A =
title=3Dvfeenstr(a)redhat.com=20
href=3D"mailto:vfeenstr@redhat.com">Vinzenz Feenstra</A> </DIV>
<DIV><B>Sent:</B> Friday, July 15, 2016 7:35 PM</DIV>
<DIV><B>To:</B> <A title=3Dtadas(a)ring.lt =
href=3D"mailto:tadas@ring.lt">Tadas</A>=20
</DIV>
<DIV><B>Cc:</B> <A title=3Dusers(a)ovirt.org=20
href=3D"mailto:users@ovirt.org">users@ovirt.org</A> </DIV>
<DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt=20
SSO</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV> </DIV>
<DIV>
<BLOCKQUOTE type=3D"cite">
<DIV>On Jul 15, 2016, at 5:09 PM, Tadas <<A=20
href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A>>
wrote:</DIV>
<DIV> </DIV>
<DIV>
<DIV=20
style=3D"WORD-WRAP: break-word; -webkit-line-break: after-white-space; =
webkit-nbsp-mode: space"=20
dir=3Dltr =3D'lass=3D"" '>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: calibri">
<DIV>Thank you for reply.</DIV>
<DIV> </DIV>
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline">
<DIV style=3D"FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"></DIV>
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: =
inline"> =20
you =3Dhould just add ovirtcred and not remove all the other options, =
without=20
=3Dhe other options you=E2=80=99re not able to login</DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: =
inline"> </DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline">There =
are other options, i=E2=80=99ve just changed the folowing =
parameter:</DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"><FONT =
style=3D"BACKGROUND-COLOR: #ffffff"=20
face=3D"Times New
Roman">PluginsLogin=3Dovirtcred</FONT></DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"><FONT =
face=3D"Times New Roman">should i use somekind of plugin list and add =
the=20
classic plugin also? eg:</FONT></DIV></DIV>
<DIV style=3D"font-color: black">
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"><FONT =
style=3D"BACKGROUND-COLOR: #ffffff" face=3D"Times New =
Roman">PluginsLogin=3Dclassic,=20
ovirtcred</FONT></DIV></DIV></DIV>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV =3D'lass=3D"" '>To me =3Dt looks like that you=E2=80=99re
=
missing </DIV>
<DIV =3D'lass=3D"" '><A=20
=
href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt...
st-agent/org.ovirt.vdsm.Credentials.conf"=20
=
=3D'ref=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-g=
uest=3Dagent/org.ovirt.vdsm.Credentials.conf" =
'>https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-ag=
ent/org.ovirt.vdsm.Credentials.conf</A></DIV>
<DIV =3D'lass=3D"" '> </DIV>
<DIV =3D'lass=3D"" '> </DIV>
<DIV> </DIV></DIV></BLOCKQUOTE>
<DIV =3D'lass=3D"" '>seems you are right. Now i do see ovirt in
dbus=20
sessions:</DIV>
<DIV =3D'lass=3D"" '> </DIV>
<DIV =3D'lass=3D"" '>DISPLAY=3D:0.0 dbus-send --system =
--dest=3Dorg.freedesktop.DBus=20
--type=3Dmethod_call --print-reply /org/freedesktop/DBus=20
org.freedesktop.DBus.ListNames</DIV>
<DIV =3D'lass=3D"" '> </DIV>
<DIV>array [</DIV>
<DIV> string "org.freedesktop.DBus"</DIV>
<DIV> string "org.freedesktop.login1"</DIV>
<DIV> string ":1.72"</DIV>
<DIV> string ":1.171"</DIV>
<DIV> string "org.freedesktop.systemd1"</DIV>
<DIV> string
"org.freedesktop.PolicyKit1"</DIV>
<DIV> string ":1.360"</DIV>
<DIV> string ":1.66"</DIV>
<DIV> string
"org.freedesktop.PackageKit"</DIV>
<DIV> string ":1.67"</DIV>
<DIV> string "org.freedesktop.UPower"</DIV>
<DIV> string ":1.363"</DIV>
<DIV> string ":1.0"</DIV>
<DIV> string "org.freedesktop.UDisks2"</DIV>
<DIV> string ":1.68"</DIV>
<DIV> string ":1.364"</DIV>
<DIV> string
"org.ovirt.vdsm.Credentials"</DIV>
<DIV> string ":1.365"</DIV>
<DIV> string ":1.366"</DIV>
<DIV> string
"org.freedesktop.RealtimeKit1"</DIV>
<DIV>]</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>But still getting the samer error:</DIV>
<DIV> </DIV>
<DIV>Dummy-1::INFO::2016-07-15=20
18:08:12,299::OVirtAgentLogic::294::root::Received an external =
command:=20
login...</DIV>
<DIV>Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::207::root::The=20
following users are allowed to connect: [0]</DIV>
<DIV>Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::273::root::Opening=20
credentials channel...</DIV>
<DIV>Dummy-1::INFO::2016-07-15 =
18:08:12,300::CredServer::132::root::Emitting=20
user authenticated signal (656949).</DIV>
<DIV>CredChannel::INFO::2016-07-15=20
18:08:17,306::CredServer::241::root::Credentials channel timed =
out.</DIV>
<DIV>Dummy-1::INFO::2016-07-15=20
18:08:17,307::CredServer::277::root::Credentials channel was =
closed.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>
However the KDM =
support =3Ds=20
basically not really developed anymore as the majority of our users =
=3Dre rather=20
using GDM. So there=E2=80=99s quite the possibility that =
=3Dhere=E2=80=99s a problem.</DIV>
<DIV> </DIV>
<DIV>Well, i=E2=80=99m having different issues while trying to compile =
gdm=20
plugin:</DIV>
<DIV>configure: error: Package requirements (dbus-glib-1 >=3D =
0.74</DIV>
=
<DIV> &n=
bsp; =20
gdmsimplegreeter >=3D 3.2.1.1</DIV>
=
<DIV> &n=
bsp; =20
gobject-2.0 >=3D 2.22.0</DIV>
=
<DIV> &n=
bsp; =20
gtk+-2.0 >=3D 2.18.0</DIV>
<DIV> ) were
not met:</DIV>
<DIV> </DIV>
<DIV>Package gdmsimplegreeter was not found in the pkg-config search=20
path.</DIV>
<DIV>Found no information, o how to get=20
gdmsimplegreeter.</DIV></DIV></DIV></DIV></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>That=E2=80=99s for GDM < 3.8ish from 3.10 we have the GDM SSO =
code builtin GNOME=20
you only need that the conf file and the pam extension plus the=20
gdm-ovirtcred pam config</DIV><BR>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV=20
style=3D"WORD-WRAP: break-word; -webkit-line-break: after-white-space; =
webkit-nbsp-mode: space"=20
dir=3Dltr =3D'lass=3D"" '>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: calibri">
<DIV=20
style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline">
<DIV> </DIV>
<DIV> </DIV>
<BLOCKQUOTE type=3D"cite" =3D'lass=3D"" '>
<DIV>
<DIV><BR>Thank you.<BR =3D'lass=3D""
'><BR><BR=20
=3D'lass=3D""
'>_______________________________________________<BR=20
=3D'lass=3D"" '>Users mailing list<BR><A=20
=3D'ref=3D"mailto:Users@ovirt.org"
'>Users(a)ovirt.org</A><BR =
=3D'lass=3D"" '><A=20
=
href=3D"http://lists.ovirt.org/mailman/listinfo/users">http:...
.org/mailman/listinfo/users</A><BR=20
=3D'lass=3D"" =
'></DIV></DIV></BLOCKQUOTE><BR>=3D</DIV></DIV></DIV></DIV>_______________=
________________________________<BR>Users=20
mailing list<BR><A=20
=
href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR>http://lists.ovirt=
.org/mailman/listinfo/users<BR></DIV></BLOCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></DIV></BODY></HTML>
------=_NextPart_000_002B_01D1DED7.B0022300--
1:51 a.m.
After moving to gdm, I've managed to solve the timeout issue. Now i
bumped into another one:
oVirt agent seem to emit credentials without error:
Dummy-1::DEBUG::2016-07-18
09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials =
'\x00\x00\x00\x04test********\x00')
Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::DEBUG::2016-07-18 09:29:53,294::CredServer::272::root::Token:
250954
Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::132::root::Emitting
user authenticated signal (250954).
Dummy-1::INFO::2016-07-18
09:29:53,349::CredServer::277::root::Credentials channel was closed.
But pam module is failing:
gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire
user's credentials
After poking a bit I've managed to find, that module fails on:
if (ret == -1) {
D(("send() failed."));
return -1;
}
in cred_channel.c
Also, i have to mention, that there's no /etc/pamd/password-auth file
in Debian Linux. I've copied it from Centos (it is needed by gdm-
ovirtcred.pam)
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
6:12 a.m.
This is really interesting.
pam-ovirt-cred is randomly failing on one of two checks:
https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c
red_channel.c#L107
and
https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c
red_channel.c#L134
Theres no pattern, on which step it will fail. Sometimes it fails on
writing to socket sometimes on reading:
Jul 18 14:11:02 desktop64 cred-debug: recv() failed
Jul 18 14:11:14 desktop64 cred-debug: send() failed
Jul 18 14:11:18 desktop64 cred-debug: recv() failed
Jul 18 14:11:23 desktop64 cred-debug: recv() failed
Jul 18 14:11:28 desktop64 cred-debug: send() failed
Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 at 09:51 +0300,
Tadas wrote:
After moving to gdm, I've managed to solve the timeout issue. Now
i
bumped into another one:
oVirt agent seem to emit credentials without error:
Dummy-1::DEBUG::2016-07-18
09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials =
'\x00\x00\x00\x04test********\x00')
Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::DEBUG::2016-07-18
09:29:53,294::CredServer::272::root::Token:
250954
Dummy-1::INFO::2016-07-18
09:29:53,294::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-18
09:29:53,294::CredServer::132::root::Emitting
user authenticated signal (250954).
Dummy-1::INFO::2016-07-18
09:29:53,349::CredServer::277::root::Credentials channel was closed.
But pam module is failing:
gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire
user's credentials
After poking a bit I've managed to find, that module fails on:
if (ret == -1) {
D(("send() failed."));
return -1;
}
in cred_channel.c
Also, i have to mention, that there's no /etc/pamd/password-auth file
in Debian Linux. I've copied it from Centos (it is needed by gdm-
ovirtcred.pam)
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
7:08 a.m.
ovirt agent stops on this line and code below it is not executed:
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agen
t/CredServer.py#L147
On Mon, 2016-07-18 at 14:12 +0300, Tadas wrote:
This is really interesting.
pam-ovirt-cred is randomly failing on one of two checks:
https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred
/c
red_channel.c#L107
and
https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred
/c
red_channel.c#L134
Theres no pattern, on which step it will fail. Sometimes it fails on
writing to socket sometimes on reading:
Jul 18 14:11:02 desktop64 cred-debug: recv() failed
Jul 18 14:11:14 desktop64 cred-debug: send() failed
Jul 18 14:11:18 desktop64 cred-debug: recv() failed
Jul 18 14:11:23 desktop64 cred-debug: recv() failed
Jul 18 14:11:28 desktop64 cred-debug: send() failed
Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18
at 09:51 +0300, Tadas wrote:
> After moving to gdm, I've managed to solve the timeout issue. Now i
> bumped into another one:
> oVirt agent seem to emit credentials without error:
>
> Dummy-1::DEBUG::2016-07-18
> 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials
> =
> '\x00\x00\x00\x04test********\x00')
> Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The
> following users are allowed to connect: [0]
> Dummy-1::DEBUG::2016-07-18
> 09:29:53,294::CredServer::272::root::Token:
> 250954
> Dummy-1::INFO::2016-07-18
> 09:29:53,294::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2016-07-18
> 09:29:53,294::CredServer::132::root::Emitting
> user authenticated signal (250954).
> Dummy-1::INFO::2016-07-18
> 09:29:53,349::CredServer::277::root::Credentials channel was
> closed.
>
> But pam module is failing:
> gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to
> acquire
> user's credentials
>
> After poking a bit I've managed to find, that module fails on:
>
> if (ret == -1) {
> D(("send() failed."));
> return -1;
> }
>
> in cred_channel.c
>
>
> Also, i have to mention, that there's no /etc/pamd/password-auth
> file
> in Debian Linux. I've copied it from Centos (it is needed by gdm-
> ovirtcred.pam)
> > > _______________________________________________
> > > Users mailing list
> > > Users(a)ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> >
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
7:57 a.m.
On Fri, Jul 15, 2016 at 12:50 PM, Tadas <tadas(a)ring.lt> wrote:
Hello,
i'm struggling to get oVirt SSO working on Linux guest VM.
I can confirm, that SSO is fully functional on Windows guest (please
note it's not a full oVirt installation - I'm just testing oVirt guest
agent on virtual machines running on plain KVM hypervisor).
Part of the issue is that you are missing quite a bit of the orchestration
that oVirt performs to make SSO work...
There may some other issues, but I warmly suggest using oVirt and not the
undocumented APIs - which may or may not change in the future, between the
agent and other components.
Y.
Steps I've made:
got oVirt guest agent up and running, I can communicate with it from
hypervisor:
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
vdi.0 -
{"__name__": "os-version", "version":
"4.6.0-1-amd64"}
Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security
Configured /etc/pam.d/kdm-ovirt-cred with:
%PAM-1.0
auth required pam_ovirt_cred.so
auth include password-auth
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_selinux.so open
session include password-auth
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
Configured /etc/kde4/kdm/kdmrc with:
PluginsLogin=ovirtcred
Symptoms:
After starting kdm, I get login prompt with barely visible title (I
assume it should spell "oVirt Authentication" from
kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
cannot enter anything to them. After emitting username/password to
oVirt agent, I can see the following log entries:
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting
user authenticated signal (509542).
CredChannel::INFO::2016-07-15
12:29:56,634::CredServer::241::root::Credentials channel timed out.
The only thing that worries me, - are the entries in kdm.log file:
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
started the DBUS server.
Since oVirt guest agent sends wakeup message to greeter plugin via
Dbus, perhaps this is the problem? Maybe someone had the same problem
here?
This happens on Debian 8 and 9.
Thank you.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
8:16 a.m.
This is a multi-part message in MIME format.
------=_NextPart_000_0019_01D1DEB4.405C10B0
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
SSO part as simple as emitting correctly formed json to spice socket, - =
as I=E2=80=99ve mentioned before, this works fine with windows guests.
Problem is only with linux guests. As for undocummented API, yes, =
=E2=80=93 you are right, documentation should help alot. It takes time =
to reverse engineer code.
But having full oVirt solution or not does not change the thing, that =
there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very =
confident, that this will persist if used Linux guest on oVirt. Perhaps =
this is just Debian oriented problem, so I was wondering if anyone had =
the same issue here.
From: Yaniv Kaul=20
Sent: Friday, July 15, 2016 3:57 PM
To: tadas(a)ring.lt=20
Cc: users=20
Subject: Re: [ovirt-users] Debian linux and oVirt SSO
=20
Part of the issue is that you are missing quite a bit of the =
orchestration that oVirt performs to make SSO work...
There may some other issues, but I warmly suggest using oVirt and not =
the undocumented APIs - which may or may not change in the future, =
between the agent and other components.
Y.
Steps I've made:
got oVirt guest agent up and running, I can communicate with it from
hypervisor:
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
vdi.0 -
{"__name__": "os-version", "version":
"4.6.0-1-amd64"}
Compiled and copied pam_ovirt_cred.so to =
/lib/x86_64-linux-gnu/security
Configured /etc/pam.d/kdm-ovirt-cred with:
%PAM-1.0
auth required pam_ovirt_cred.so
auth include password-auth
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_selinux.so open
session include password-auth
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
Configured /etc/kde4/kdm/kdmrc with:
PluginsLogin=3Dovirtcred
Symptoms:
After starting kdm, I get login prompt with barely visible title (I
assume it should spell "oVirt Authentication" from
kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
cannot enter anything to them. After emitting username/password to
oVirt agent, I can see the following log entries:
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-15 =
12:29:51,629::CredServer::132::root::Emitting
user authenticated signal (509542).
CredChannel::INFO::2016-07-15
12:29:56,634::CredServer::241::root::Credentials channel timed out.
The only thing that worries me, - are the entries in kdm.log file:
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
started the DBUS server.=20
Since oVirt guest agent sends wakeup message to greeter plugin via
Dbus, perhaps this is the problem? Maybe someone had the same problem
here?
This happens on Debian 8 and 9.
Thank you.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
------=_NextPart_000_0019_01D1DEB4.405C10B0
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR:
#000000">
<DIV>SSO part as simple as emitting correctly formed json to spice =
socket, - as=20
I=E2=80=99ve mentioned before, this works fine with windows =
guests.</DIV>
<DIV>Problem is only with linux guests. As for undocummented API, yes, =
=E2=80=93 you are=20
right, documentation should help alot. It takes time to reverse engineer =
code.</DIV>
<DIV>But having full oVirt solution or not does not change the thing, =
that=20
there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very =
confident, that this=20
will persist if used Linux guest on oVirt. Perhaps this is just Debian =
oriented=20
problem, so I was wondering if anyone had the same issue here.</DIV>
<DIV> </DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV style=3D"FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"><B>From:</B> <A =
title=3Dykaul(a)redhat.com=20
href=3D"mailto:ykaul@redhat.com">Yaniv Kaul</A> </DIV>
<DIV><B>Sent:</B> Friday, July 15, 2016 3:57 PM</DIV>
<DIV><B>To:</B> <A title=3Dtadas(a)ring.lt=20
href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV>
<DIV><B>Cc:</B> <A title=3Dusers(a)ovirt.org =
href=3D"mailto:users@ovirt.org">users</A>=20
</DIV>
<DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt=20
SSO</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV dir=3Dltr>
<DIV><BR> </DIV>
<DIV class=3Dgmail_extra>
<DIV class=3Dgmail_quote>
<DIV> </DIV>
<DIV>Part of the issue is that you are missing quite a bit of the =
orchestration=20
that oVirt performs to make SSO work...</DIV>
<DIV>There may some other issues, but I warmly suggest using oVirt and =
not the=20
undocumented APIs - which may or may not change in the future, between =
the agent=20
and other components.</DIV>
<DIV>Y.</DIV>
<DIV> </DIV>
<BLOCKQUOTE class=3Dgmail_quote=20
style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc =
1px solid"><BR>Steps=20
I've made:<BR>got oVirt guest agent up and running, I can communicate =
with it=20
from<BR>hypervisor:<BR><BR>socat=20
=
/var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<BR>vdi.0 =
-<BR>{"__name__": "os-version", "version": =
"4.6.0-1-amd64"}<BR>Compiled and=20
copied pam_ovirt_cred.so to =
/lib/x86_64-linux-gnu/security<BR><BR>Configured=20
/etc/pam.d/kdm-ovirt-cred=20
=
with:<BR><BR>%PAM-1.0<BR>auth =20
required =20
pam_ovirt_cred.so<BR>auth =20
include =20
password-auth<BR>account =20
include =
password-auth<BR>password =20
include =20
password-auth<BR>session =
required =20
pam_selinux.so close<BR>session =20
required pam_selinux.so=20
open<BR>session =
include =20
password-auth<BR><BR>Compiled and copied kgreet_ovirtcred.so to=20
/usr/lib/kde4<BR><BR>Configured /etc/kde4/kdm/kdmrc=20
with:<BR><BR>PluginsLogin=3Dovirtcred<BR><BR>Symptoms:<BR>After
=
starting kdm, I=20
get login prompt with barely visible title (I<BR>assume it should =
spell "oVirt=20
Authentication" from<BR>kgreet_ovirtcred.cpp). Username and password =
boxes are=20
inactive - i<BR>cannot enter anything to them. After emitting=20
username/password to<BR>oVirt agent, I can see the following log=20
entries:<BR><BR>Dummy-1::INFO::2016-07-15=20
12:29:51,628::CredServer::207::root::The<BR>following users are =
allowed to=20
connect: [0]<BR>Dummy-1::INFO::2016-07-15=20
12:29:51,629::CredServer::273::root::Opening<BR>credentials=20
channel...<BR>Dummy-1::INFO::2016-07-15=20
12:29:51,629::CredServer::132::root::Emitting<BR>user authenticated =
signal=20
=
(509542).<BR>CredChannel::INFO::2016-07-15<BR>12:29:56,634::CredServer::2=
41::root::Credentials=20
channel timed out.<BR><BR>The only thing that worries me, - are the =
entries in=20
kdm.log file:<BR><BR>klauncher(6100) kdemain: No DBUS session-bus =
found. Check=20
if you have<BR>started the DBUS server. <BR><BR>Since oVirt guest =
agent sends=20
wakeup message to greeter plugin via<BR>Dbus, perhaps this is the =
problem?=20
Maybe someone had the same problem<BR>here?<BR>This happens on Debian =
8 and=20
9.<BR><BR>Thank=20
=
you.<BR><BR><BR>_______________________________________________<BR>Users
=
mailing list<BR><A =
href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20
href=3D"http://lists.ovirt.org/mailman/listinfo/users" =
rel=3Dnoreferrer=20
=
target=3D_blank>http://lists.ovirt.org/mailman/listinfo/users</A>...
OCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML>
------=_NextPart_000_0019_01D1DEB4.405C10B0--
3220
days inactive
3223
days old
9 comments
3 participants
participants (3)
-
Tadas -
Vinzenz Feenstra -
Yaniv Kaul