Debian linux and oVirt SSO
Hello, i'm struggling to get oVirt SSO working on Linux guest VM. I can confirm, that SSO is fully functional on Windows guest (please note it's not a full oVirt installation - I'm just testing oVirt guest agent on virtual machines running on plain KVM hypervisor). Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security Configured /etc/pam.d/kdm-ovirt-cred with: %PAM-1.0 auth required pam_ovirt_cred.so auth include password-auth account include password-auth password include password-auth session required pam_selinux.so close session required pam_selinux.so open session include password-auth Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 Configured /etc/kde4/kdm/kdmrc with: PluginsLogin=ovirtcred Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. The only thing that worries me, - are the entries in kdm.log file: klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server. Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9. Thank you.
--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8
On Jul 15, 2016, at 11:50 AM, Tadas <tadas@ring.lt> wrote: =20 Hello, i'm struggling to get oVirt SSO working on Linux guest VM. I can confirm, that SSO is fully functional on Windows guest (please note it's not a full oVirt installation - I'm just testing oVirt guest agent on virtual machines running on plain KVM hypervisor). =20 Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: =20 socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to = /lib/x86_64-linux-gnu/security =20 Configured /etc/pam.d/kdm-ovirt-cred with: =20 %PAM-1.0 auth required pam_ovirt_cred.so auth include password-auth account include password-auth password include password-auth session required pam_selinux.so close session required pam_selinux.so open session include password-auth =20 Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 =20 Configured /etc/kde4/kdm/kdmrc with: =20 PluginsLogin=3Dovirtcred
you should just add ovirtcred and not remove all the other options, = without the other options you=E2=80=99re not able to login
=20 Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: =20 Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. =20 The only thing that worries me, - are the entries in kdm.log file: =20 klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.=20
To me it looks like that you=E2=80=99re missing=20 = https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/o= rg.ovirt.vdsm.Credentials.conf = <https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/= org.ovirt.vdsm.Credentials.conf>
=20 Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9.
However the KDM support is basically not really developed anymore as the = majority of our users are rather using GDM. So there=E2=80=99s quite the = possibility that there=E2=80=99s a problem.
=20 Thank you. =20 =20 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">On Jul 15, 2016, at 11:50 AM, Tadas <<a = href=3D"mailto:tadas@ring.lt" class=3D"">tadas@ring.lt</a>> = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div = class=3D"">Hello,<br class=3D"">i'm struggling to get oVirt SSO working = on Linux guest VM.<br class=3D"">I can confirm, that SSO is fully = functional on Windows guest (please<br class=3D"">note it's not a full = oVirt installation - I'm just testing oVirt guest<br class=3D"">agent on = virtual machines running on plain KVM hypervisor).<br class=3D""><br = class=3D"">Steps I've made:<br class=3D"">got oVirt guest agent up and = running, I can communicate with it from<br class=3D"">hypervisor:<br = class=3D""><br class=3D"">socat = /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<br = class=3D"">vdi.0 -<br class=3D"">{"__name__": "os-version", "version": = "4.6.0-1-amd64"}<br class=3D"">Compiled and copied pam_ovirt_cred.so = to /lib/x86_64-linux-gnu/security<br class=3D""><br = class=3D"">Configured /etc/pam.d/kdm-ovirt-cred with:<br class=3D""><br = class=3D"">%PAM-1.0<br = class=3D"">auth required&nb= sp; pam_ovirt_cred.so<br = class=3D"">auth include&nbs= p; password-auth<br = class=3D"">account include &= nbsp; password-auth<br = class=3D"">password include = password-auth<br = class=3D"">session required = pam_selinux.so close<br = class=3D"">session required = pam_selinux.so open<br = class=3D"">session include &= nbsp; password-auth<br class=3D""><br class=3D"">Compiled and = copied kgreet_ovirtcred.so to /usr/lib/kde4<br class=3D""><br = class=3D"">Configured /etc/kde4/kdm/kdmrc with:<br class=3D""><br = class=3D"">PluginsLogin=3Dovirtcred<br = class=3D""></div></div></blockquote><div><br class=3D""></div><div>you = should just add ovirtcred and not remove all the other options, without = the other options you=E2=80=99re not able to login</div><br = class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div = class=3D""><br class=3D"">Symptoms:<br class=3D"">After starting kdm, I = get login prompt with barely visible title (I<br class=3D"">assume it = should spell "oVirt Authentication" from<br = class=3D"">kgreet_ovirtcred.cpp). Username and password boxes are = inactive - i<br class=3D"">cannot enter anything to them. After emitting = username/password to<br class=3D"">oVirt agent, I can see the following = log entries:<br class=3D""><br class=3D"">Dummy-1::INFO::2016-07-15 = 12:29:51,628::CredServer::207::root::The<br class=3D"">following users = are allowed to connect: [0]<br class=3D"">Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::273::root::Opening<br class=3D"">credentials = channel...<br class=3D"">Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::132::root::Emitting<br class=3D"">user = authenticated signal (509542).<br = class=3D"">CredChannel::INFO::2016-07-15<br = class=3D"">12:29:56,634::CredServer::241::root::Credentials channel = timed out.<br class=3D""><br class=3D"">The only thing that worries me, = - are the entries in kdm.log file:<br class=3D""><br = class=3D"">klauncher(6100) kdemain: No DBUS session-bus found. Check if = you have<br class=3D"">started the DBUS server. <br = class=3D""></div></div></blockquote><div><br class=3D""></div><div>To me = it looks like that you=E2=80=99re missing </div><div><a = href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest= -agent/org.ovirt.vdsm.Credentials.conf" = class=3D"">https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu= est-agent/org.ovirt.vdsm.Credentials.conf</a></div><div><br = class=3D""></div><div><br class=3D""></div><br class=3D""><blockquote = type=3D"cite" class=3D""><div class=3D""><div class=3D""><br = class=3D"">Since oVirt guest agent sends wakeup message to greeter = plugin via<br class=3D"">Dbus, perhaps this is the problem? Maybe = someone had the same problem<br class=3D"">here?<br class=3D"">This = happens on Debian 8 and 9.<br class=3D""></div></div></blockquote><div><br= class=3D""></div><div><br class=3D""></div><div>However the KDM support = is basically not really developed anymore as the majority of our users = are rather using GDM. So there=E2=80=99s quite the possibility that = there=E2=80=99s a problem.</div><br class=3D""><blockquote type=3D"cite" = class=3D""><div class=3D""><div class=3D""><br class=3D"">Thank you.<br = class=3D""><br class=3D""><br = class=3D"">_______________________________________________<br = class=3D"">Users mailing list<br class=3D""><a = href=3D"mailto:Users@ovirt.org" class=3D"">Users@ovirt.org</a><br = class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br = class=3D""></div></div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C--
This is a multi-part message in MIME format. ------=_NextPart_000_0074_01D1DEC4.1835A460 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thank you for reply. you =3Dhould just add ovirtcred and not remove all the other = options, without =3Dhe other options you=E2=80=99re not able to login There are other options, i=E2=80=99ve just changed the folowing = parameter: PluginsLogin=3Dovirtcred should i use somekind of plugin list and add the classic plugin also? = eg: PluginsLogin=3Dclassic, ovirtcred To me =3Dt looks like that you=E2=80=99re missing=20 = https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agen= t/org.ovirt.vdsm.Credentials.conf seems you are right. Now i do see ovirt in dbus sessions: DISPLAY=3D:0.0 dbus-send --system --dest=3Dorg.freedesktop.DBus = --type=3Dmethod_call --print-reply /org/freedesktop/DBus = org.freedesktop.DBus.ListNames array [ string "org.freedesktop.DBus" string "org.freedesktop.login1" string ":1.72" string ":1.171" string "org.freedesktop.systemd1" string "org.freedesktop.PolicyKit1" string ":1.360" string ":1.66" string "org.freedesktop.PackageKit" string ":1.67" string "org.freedesktop.UPower" string ":1.363" string ":1.0" string "org.freedesktop.UDisks2" string ":1.68" string ":1.364" string "org.ovirt.vdsm.Credentials" string ":1.365" string ":1.366" string "org.freedesktop.RealtimeKit1" ] But still getting the samer error: Dummy-1::INFO::2016-07-15 = 18:08:12,299::OVirtAgentLogic::294::root::Received an external command: = login... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The = following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening = credentials channel... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::132::root::Emitting = user authenticated signal (656949). CredChannel::INFO::2016-07-15 = 18:08:17,306::CredServer::241::root::Credentials channel timed out. Dummy-1::INFO::2016-07-15 = 18:08:17,307::CredServer::277::root::Credentials channel was closed. However the KDM support =3Ds basically not really developed = anymore as the majority of our users =3Dre rather using GDM. So = there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s a problem. Well, i=E2=80=99m having different issues while trying to compile gdm = plugin: configure: error: Package requirements (dbus-glib-1 >=3D 0.74 gdmsimplegreeter >=3D 3.2.1.1 gobject-2.0 >=3D 2.22.0 gtk+-2.0 >=3D 2.18.0 ) were not met: Package gdmsimplegreeter was not found in the pkg-config search path. Found no information, o how to get gdmsimplegreeter. Thank you. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users =3D ------=_NextPart_000_0074_01D1DEC4.1835A460 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD> <META content=3D"text/html =3Dharset=3Dutf-8" = http-equiv=3DContent-Type></HEAD> <BODY=20 style=3D"WORD-WRAP: break-word; webkit-nbsp-mode: space; = -webkit-line-break: after-white-space"=20 dir=3Dltr =3D'lass=3D""'> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <DIV>Thank you for reply.</DIV> <DIV> </DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV style=3D"FONT: 10pt tahoma"> <DIV> </DIV> <DIV style=3D"BACKGROUND: #f5f5f5"> <DIV style=3D"font-color: black"></DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> =20 you =3Dhould just add ovirtcred and not remove all the other options, = without =3Dhe=20 other options you=E2=80=99re not able to login</DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> </DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'>There=20 are other options, i=E2=80=99ve just changed the folowing = parameter:</DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'><FONT=20 style=3D"BACKGROUND-COLOR: #ffffff"=20 face=3D"Times New Roman">PluginsLogin=3Dovirtcred</FONT></DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'><FONT=20 face=3D"Times New Roman">should i use somekind of plugin list and add = the classic=20 plugin also? eg:</FONT></DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'><FONT=20 style=3D"BACKGROUND-COLOR: #ffffff" face=3D"Times New = Roman">PluginsLogin=3Dclassic,=20 ovirtcred</FONT></DIV></DIV></DIV> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV =3D'lass=3D""'>To me =3Dt looks like that you=E2=80=99re missing = </DIV> <DIV =3D'lass=3D""'><A=20 = href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3D= st-agent/org.ovirt.vdsm.Credentials.conf"=20 = =3D'ref=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-g= uest=3Dagent/org.ovirt.vdsm.Credentials.conf"'>https://github.com/oVirt/o= virt-guest-agent/blob/master/ovirt-gu=3Dst-agent/org.ovirt.vdsm.Credentia= ls.conf</A></DIV> <DIV =3D'lass=3D""'> </DIV> <DIV =3D'lass=3D""'> </DIV> <DIV> </DIV></DIV></BLOCKQUOTE> <DIV =3D'lass=3D""'>seems you are right. Now i do see ovirt in dbus = sessions:</DIV> <DIV =3D'lass=3D""'> </DIV> <DIV =3D'lass=3D""'>DISPLAY=3D:0.0 dbus-send --system = --dest=3Dorg.freedesktop.DBus=20 --type=3Dmethod_call --print-reply /org/freedesktop/DBus=20 org.freedesktop.DBus.ListNames</DIV> <DIV =3D'lass=3D""'> </DIV> <DIV>array [</DIV> <DIV> string "org.freedesktop.DBus"</DIV> <DIV> string "org.freedesktop.login1"</DIV> <DIV> string ":1.72"</DIV> <DIV> string ":1.171"</DIV> <DIV> string "org.freedesktop.systemd1"</DIV> <DIV> string "org.freedesktop.PolicyKit1"</DIV> <DIV> string ":1.360"</DIV> <DIV> string ":1.66"</DIV> <DIV> string "org.freedesktop.PackageKit"</DIV> <DIV> string ":1.67"</DIV> <DIV> string "org.freedesktop.UPower"</DIV> <DIV> string ":1.363"</DIV> <DIV> string ":1.0"</DIV> <DIV> string "org.freedesktop.UDisks2"</DIV> <DIV> string ":1.68"</DIV> <DIV> string ":1.364"</DIV> <DIV> string "org.ovirt.vdsm.Credentials"</DIV> <DIV> string ":1.365"</DIV> <DIV> string ":1.366"</DIV> <DIV> string "org.freedesktop.RealtimeKit1"</DIV> <DIV>]</DIV> <DIV> </DIV> <DIV> </DIV> <DIV>But still getting the samer error:</DIV> <DIV> </DIV> <DIV>Dummy-1::INFO::2016-07-15=20 18:08:12,299::OVirtAgentLogic::294::root::Received an external command:=20 login...</DIV> <DIV>Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The=20 following users are allowed to connect: [0]</DIV> <DIV>Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::273::root::Opening=20 credentials channel...</DIV> <DIV>Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::132::root::Emitting=20 user authenticated signal (656949).</DIV> <DIV>CredChannel::INFO::2016-07-15=20 18:08:17,306::CredServer::241::root::Credentials channel timed = out.</DIV> <DIV>Dummy-1::INFO::2016-07-15 = 18:08:17,307::CredServer::277::root::Credentials=20 channel was closed.</DIV> <DIV> </DIV> <DIV> </DIV> <DIV> However the KDM support = =3Ds=20 basically not really developed anymore as the majority of our users = =3Dre rather=20 using GDM. So there=E2=80=99s quite the possibility that = =3Dhere=E2=80=99s a problem.</DIV> <DIV> </DIV> <DIV>Well, i=E2=80=99m having different issues while trying to compile = gdm plugin:</DIV> <DIV>configure: error: Package requirements (dbus-glib-1 >=3D = 0.74</DIV> <DIV> &n= bsp; =20 gdmsimplegreeter >=3D 3.2.1.1</DIV> <DIV> &n= bsp; =20 gobject-2.0 >=3D 2.22.0</DIV> <DIV> &n= bsp; =20 gtk+-2.0 >=3D 2.18.0</DIV> <DIV> ) were not met:</DIV> <DIV> </DIV> <DIV>Package gdmsimplegreeter was not found in the pkg-config search = path.</DIV> <DIV>Found no information, o how to get gdmsimplegreeter.</DIV> <DIV> </DIV> <DIV><BR></DIV> <BLOCKQUOTE =3D'lass=3D""' type=3D"cite"> <DIV> <DIV><BR>Thank you.<BR =3D'lass=3D""'><BR><BR=20 =3D'lass=3D""'>_______________________________________________<BR = =3D'lass=3D""'>Users=20 mailing list<BR><A = =3D'ref=3D"mailto:Users@ovirt.org"'>Users@ovirt.org</A><BR=20 =3D'lass=3D""'>http://lists.ovirt.org/mailman/listinfo/users<BR=20 = =3D'lass=3D""'></DIV></DIV></BLOCKQUOTE><BR>=3D</DIV></DIV></DIV></BODY><= /HTML> ------=_NextPart_000_0074_01D1DEC4.1835A460--
On Jul 15, 2016, at 5:09 PM, Tadas <tadas@ring.lt> wrote: =20 Thank you for reply. =20 =20 you =3Dhould just add ovirtcred and not remove all the other =
=20 There are other options, i=E2=80=99ve just changed the folowing =
PluginsLogin=3Dovirtcred should i use somekind of plugin list and add the classic plugin also? = eg: PluginsLogin=3Dclassic, ovirtcred
To me =3Dt looks like that you=E2=80=99re missing = https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agent= /org.ovirt.vdsm.Credentials.conf = <https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agen= t/org.ovirt.vdsm.Credentials.conf> =20 =20 =20 seems you are right. Now i do see ovirt in dbus sessions: =20 DISPLAY=3D:0.0 dbus-send --system --dest=3Dorg.freedesktop.DBus = --type=3Dmethod_call --print-reply /org/freedesktop/DBus = org.freedesktop.DBus.ListNames =20 array [ string "org.freedesktop.DBus" string "org.freedesktop.login1" string ":1.72" string ":1.171" string "org.freedesktop.systemd1" string "org.freedesktop.PolicyKit1" string ":1.360" string ":1.66" string "org.freedesktop.PackageKit" string ":1.67" string "org.freedesktop.UPower" string ":1.363" string ":1.0" string "org.freedesktop.UDisks2" string ":1.68" string ":1.364" string "org.ovirt.vdsm.Credentials" string ":1.365" string ":1.366" string "org.freedesktop.RealtimeKit1" ] =20 =20 But still getting the samer error: =20 Dummy-1::INFO::2016-07-15 = 18:08:12,299::OVirtAgentLogic::294::root::Received an external command: = login... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The = following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening = credentials channel... Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::132::root::Emitting user authenticated signal = (656949). CredChannel::INFO::2016-07-15 = 18:08:17,306::CredServer::241::root::Credentials channel timed out. Dummy-1::INFO::2016-07-15 = 18:08:17,307::CredServer::277::root::Credentials channel was closed. =20 =20 However the KDM support =3Ds basically not really developed = anymore as the majority of our users =3Dre rather using GDM. So =
=20 Well, i=E2=80=99m having different issues while trying to compile gdm =
--Apple-Mail=_DD882099-DC3E-4BF2-B01A-AB5F269FD384 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 options, without =3Dhe other options you=E2=80=99re not able to login parameter: there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s a problem. plugin:
configure: error: Package requirements (dbus-glib-1 >=3D 0.74 gdmsimplegreeter >=3D 3.2.1.1 gobject-2.0 >=3D 2.22.0 gtk+-2.0 >=3D 2.18.0 ) were not met: =20 Package gdmsimplegreeter was not found in the pkg-config search path. Found no information, o how to get gdmsimplegreeter.
That=E2=80=99s for GDM < 3.8ish from 3.10 we have the GDM SSO code = builtin GNOME you only need that the conf file and the pam extension = plus the gdm-ovirtcred pam config
=20 =20
=20 Thank you. =20 =20 _______________________________________________ Users mailing list Users@ovirt.org <> http://lists.ovirt.org/mailman/listinfo/users =20 =3D
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_DD882099-DC3E-4BF2-B01A-AB5F269FD384 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">On Jul 15, 2016, at 5:09 PM, Tadas <<a = href=3D"mailto:tadas@ring.lt" class=3D"">tadas@ring.lt</a>> = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""> <meta content=3D"text/html =3Dharset=3Dutf-8" http-equiv=3D"Content-Type" = class=3D""> <div style=3D"WORD-WRAP: break-word; webkit-nbsp-mode: space; = -webkit-line-break: after-white-space" dir=3D"ltr" =3D'lass=3D"" '=3D"" = class=3D""> <div dir=3D"ltr" class=3D""> <div style=3D"font-size: 12pt; font-family: Calibri;" class=3D""> <div class=3D"">Thank you for reply.</div> <div class=3D""> </div> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""> <div style=3D"FONT: 10pt tahoma" class=3D""> <div class=3D""> </div> <div style=3D"BACKGROUND: #f5f5f5" class=3D""> <div style=3D"font-color: black" class=3D""></div> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""> =20 you =3Dhould just add ovirtcred and not remove all the other options, = without =3Dhe=20 other options you=E2=80=99re not able to login</div></div> <div style=3D"font-color: black" class=3D""> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""> </div></div> <div style=3D"font-color: black" class=3D""> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D"">There=20 are other options, i=E2=80=99ve just changed the folowing = parameter:</div></div> <div style=3D"font-color: black" class=3D""> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""><font style=3D"BACKGROUND-COLOR: #ffffff" face=3D"Times New = Roman" class=3D"">PluginsLogin=3Dovirtcred</font></div></div> <div style=3D"font-color: black" class=3D""> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""><font face=3D"Times New Roman" class=3D"">should i use = somekind of plugin list and add the classic=20 plugin also? eg:</font></div></div> <div style=3D"font-color: black" class=3D""> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""><font style=3D"BACKGROUND-COLOR: #ffffff" face=3D"Times New = Roman" class=3D"">PluginsLogin=3Dclassic,=20 ovirtcred</font></div></div></div> <blockquote type=3D"cite" class=3D""> <div class=3D""> <div =3D'lass=3D"" '=3D"" class=3D"">To me =3Dt looks like that = you=E2=80=99re missing </div> <div =3D'lass=3D"" '=3D"" class=3D""><a = href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3D= st-agent/org.ovirt.vdsm.Credentials.conf" = =3D'ref=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu= est=3Dagent/org.ovirt.vdsm.Credentials.conf" '=3D"" = class=3D"">https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu= =3Dst-agent/org.ovirt.vdsm.Credentials.conf</a></div> <div =3D'lass=3D"" '=3D"" class=3D""> </div> <div =3D'lass=3D"" '=3D"" class=3D""> </div> <div class=3D""> </div></div></blockquote> <div =3D'lass=3D"" '=3D"" class=3D"">seems you are right. Now i do see = ovirt in dbus sessions:</div> <div =3D'lass=3D"" '=3D"" class=3D""> </div> <div =3D'lass=3D"" '=3D"" class=3D"">DISPLAY=3D:0.0 dbus-send --system = --dest=3Dorg.freedesktop.DBus=20 --type=3Dmethod_call --print-reply /org/freedesktop/DBus=20 org.freedesktop.DBus.ListNames</div> <div =3D'lass=3D"" '=3D"" class=3D""> </div> <div class=3D"">array [</div> <div class=3D""> string "org.freedesktop.DBus"</div> <div class=3D""> string "org.freedesktop.login1"</div> <div class=3D""> string ":1.72"</div> <div class=3D""> string ":1.171"</div> <div class=3D""> string "org.freedesktop.systemd1"</div> <div class=3D""> string "org.freedesktop.PolicyKit1"</div> <div class=3D""> string ":1.360"</div> <div class=3D""> string ":1.66"</div> <div class=3D""> string "org.freedesktop.PackageKit"</div> <div class=3D""> string ":1.67"</div> <div class=3D""> string "org.freedesktop.UPower"</div> <div class=3D""> string ":1.363"</div> <div class=3D""> string ":1.0"</div> <div class=3D""> string "org.freedesktop.UDisks2"</div> <div class=3D""> string ":1.68"</div> <div class=3D""> string ":1.364"</div> <div class=3D""> string "org.ovirt.vdsm.Credentials"</div> <div class=3D""> string ":1.365"</div> <div class=3D""> string ":1.366"</div> <div class=3D""> string "org.freedesktop.RealtimeKit1"</div> <div class=3D"">]</div> <div class=3D""> </div> <div class=3D""> </div> <div class=3D"">But still getting the samer error:</div> <div class=3D""> </div> <div class=3D"">Dummy-1::INFO::2016-07-15=20 18:08:12,299::OVirtAgentLogic::294::root::Received an external command:=20= login...</div> <div class=3D"">Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::207::root::The=20 following users are allowed to connect: [0]</div> <div class=3D"">Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::273::root::Opening=20 credentials channel...</div> <div class=3D"">Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::132::root::Emitting=20 user authenticated signal (656949).</div> <div class=3D"">CredChannel::INFO::2016-07-15=20 18:08:17,306::CredServer::241::root::Credentials channel timed = out.</div> <div class=3D"">Dummy-1::INFO::2016-07-15 = 18:08:17,307::CredServer::277::root::Credentials=20 channel was closed.</div> <div class=3D""> </div> <div class=3D""> </div> <div class=3D""> However the = KDM support =3Ds=20 basically not really developed anymore as the majority of our users =3Dre = rather=20 using GDM. So there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s= a problem.</div> <div class=3D""> </div> <div class=3D"">Well, i=E2=80=99m having different issues while trying = to compile gdm plugin:</div> <div class=3D"">configure: error: Package requirements (dbus-glib-1 = >=3D 0.74</div> <div = class=3D""> &nb= sp; =20 gdmsimplegreeter >=3D 3.2.1.1</div> <div = class=3D""> &nb= sp; =20 gobject-2.0 >=3D 2.22.0</div> <div = class=3D""> &nb= sp; =20 gtk+-2.0 >=3D 2.18.0</div> <div class=3D""> ) were not = met:</div> <div class=3D""> </div> <div class=3D"">Package gdmsimplegreeter was not found in the pkg-config = search path.</div> <div class=3D"">Found no information, o how to get = gdmsimplegreeter.</div></div></div></div></div></div></blockquote><div><br= class=3D""></div><div>That=E2=80=99s for GDM < 3.8ish from 3.10 we = have the GDM SSO code builtin GNOME you only need that the conf file and = the pam extension plus the gdm-ovirtcred pam config</div><br = class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div = style=3D"WORD-WRAP: break-word; webkit-nbsp-mode: space; = -webkit-line-break: after-white-space" dir=3D"ltr" =3D'lass=3D"" '=3D"" = class=3D""><div dir=3D"ltr" class=3D""><div style=3D"font-size: 12pt; = font-family: Calibri;" class=3D""><div style=3D"font-size: small; = text-decoration: none; font-family: Calibri; font-weight: normal; = font-style: normal; display: inline;" class=3D""> <div class=3D""> </div> <div class=3D""><br class=3D""></div> <blockquote =3D'lass=3D"" '=3D"" type=3D"cite" class=3D""> <div class=3D""> <div class=3D""><br class=3D"">Thank you.<br =3D'lass=3D"" '=3D"" = class=3D""><br class=3D""><br =3D'lass=3D"" '=3D"" = class=3D"">_______________________________________________<br =3D'lass=3D"= " '=3D"" class=3D"">Users=20 mailing list<br class=3D""><a =3D'ref=3D"mailto:Users@ovirt.org" '=3D"" = class=3D"">Users@ovirt.org</a><br =3D'lass=3D"" '=3D"" class=3D""><a = href=3D"http://lists.ovirt.org/mailman/listinfo/users" = class=3D"">http://lists.ovirt.org/mailman/listinfo/users</a><br = =3D'lass=3D"" '=3D"" class=3D""></div></div></blockquote><br = class=3D"">=3D</div></div></div></div> _______________________________________________<br class=3D"">Users = mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org" = class=3D"">Users@ovirt.org</a><br = class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br = class=3D""></div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_DD882099-DC3E-4BF2-B01A-AB5F269FD384--
This is a multi-part message in MIME format. ------=_NextPart_000_002B_01D1DED7.B0022300 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Aha. Thank you. Will try this one From: Vinzenz Feenstra=20 Sent: Friday, July 15, 2016 7:35 PM To: Tadas=20 Cc: users@ovirt.org=20 Subject: Re: [ovirt-users] Debian linux and oVirt SSO On Jul 15, 2016, at 5:09 PM, Tadas <tadas@ring.lt> wrote: Thank you for reply. you =3Dhould just add ovirtcred and not remove all the other = options, without =3Dhe other options you=E2=80=99re not able to login There are other options, i=E2=80=99ve just changed the folowing = parameter: PluginsLogin=3Dovirtcred should i use somekind of plugin list and add the classic plugin also? = eg: PluginsLogin=3Dclassic, ovirtcred To me =3Dt looks like that you=E2=80=99re missing=20 = https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-agen= t/org.ovirt.vdsm.Credentials.conf seems you are right. Now i do see ovirt in dbus sessions: DISPLAY=3D:0.0 dbus-send --system --dest=3Dorg.freedesktop.DBus = --type=3Dmethod_call --print-reply /org/freedesktop/DBus = org.freedesktop.DBus.ListNames array [ string "org.freedesktop.DBus" string "org.freedesktop.login1" string ":1.72" string ":1.171" string "org.freedesktop.systemd1" string "org.freedesktop.PolicyKit1" string ":1.360" string ":1.66" string "org.freedesktop.PackageKit" string ":1.67" string "org.freedesktop.UPower" string ":1.363" string ":1.0" string "org.freedesktop.UDisks2" string ":1.68" string ":1.364" string "org.ovirt.vdsm.Credentials" string ":1.365" string ":1.366" string "org.freedesktop.RealtimeKit1" ] But still getting the samer error: Dummy-1::INFO::2016-07-15 = 18:08:12,299::OVirtAgentLogic::294::root::Received an external command: = login... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The = following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening = credentials channel... Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::132::root::Emitting user authenticated signal = (656949). CredChannel::INFO::2016-07-15 = 18:08:17,306::CredServer::241::root::Credentials channel timed out. Dummy-1::INFO::2016-07-15 = 18:08:17,307::CredServer::277::root::Credentials channel was closed. However the KDM support =3Ds basically not really developed = anymore as the majority of our users =3Dre rather using GDM. So = there=E2=80=99s quite the possibility that =3Dhere=E2=80=99s a problem. Well, i=E2=80=99m having different issues while trying to compile gdm = plugin: configure: error: Package requirements (dbus-glib-1 >=3D 0.74 gdmsimplegreeter >=3D 3.2.1.1 gobject-2.0 >=3D 2.22.0 gtk+-2.0 >=3D 2.18.0 ) were not met: Package gdmsimplegreeter was not found in the pkg-config search path. Found no information, o how to get gdmsimplegreeter. That=E2=80=99s for GDM < 3.8ish from 3.10 we have the GDM SSO code = builtin GNOME you only need that the conf file and the pam extension = plus the gdm-ovirtcred pam config Thank you. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users =3D _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ------=_NextPart_000_002B_01D1DED7.B0022300 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD> <META content=3D"text/html charset=3Dutf-8" = http-equiv=3DContent-Type></HEAD> <BODY=20 style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space"=20 dir=3Dltr> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <DIV>Aha. Thank you. Will try this one</DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV style=3D"FONT: 10pt tahoma"> <DIV> </DIV> <DIV style=3D"BACKGROUND: #f5f5f5"> <DIV style=3D"font-color: black"><B>From:</B> <A = title=3Dvfeenstr@redhat.com=20 href=3D"mailto:vfeenstr@redhat.com">Vinzenz Feenstra</A> </DIV> <DIV><B>Sent:</B> Friday, July 15, 2016 7:35 PM</DIV> <DIV><B>To:</B> <A title=3Dtadas@ring.lt = href=3D"mailto:tadas@ring.lt">Tadas</A>=20 </DIV> <DIV><B>Cc:</B> <A title=3Dusers@ovirt.org=20 href=3D"mailto:users@ovirt.org">users@ovirt.org</A> </DIV> <DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt=20 SSO</DIV></DIV></DIV> <DIV> </DIV></DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV> </DIV> <DIV> <BLOCKQUOTE type=3D"cite"> <DIV>On Jul 15, 2016, at 5:09 PM, Tadas <<A=20 href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A>> wrote:</DIV> <DIV> </DIV> <DIV> <DIV=20 style=3D"WORD-WRAP: break-word; -webkit-line-break: after-white-space; = webkit-nbsp-mode: space"=20 dir=3Dltr =3D'lass=3D"" '> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: calibri"> <DIV>Thank you for reply.</DIV> <DIV> </DIV> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"> <DIV style=3D"FONT: 10pt tahoma"> <DIV> </DIV> <DIV style=3D"BACKGROUND: #f5f5f5"> <DIV style=3D"font-color: black"></DIV> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: = inline"> =20 you =3Dhould just add ovirtcred and not remove all the other options, = without=20 =3Dhe other options you=E2=80=99re not able to login</DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: = inline"> </DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline">There = are other options, i=E2=80=99ve just changed the folowing = parameter:</DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"><FONT = style=3D"BACKGROUND-COLOR: #ffffff"=20 face=3D"Times New Roman">PluginsLogin=3Dovirtcred</FONT></DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"><FONT = face=3D"Times New Roman">should i use somekind of plugin list and add = the=20 classic plugin also? eg:</FONT></DIV></DIV> <DIV style=3D"font-color: black"> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"><FONT = style=3D"BACKGROUND-COLOR: #ffffff" face=3D"Times New = Roman">PluginsLogin=3Dclassic,=20 ovirtcred</FONT></DIV></DIV></DIV> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV =3D'lass=3D"" '>To me =3Dt looks like that you=E2=80=99re = missing </DIV> <DIV =3D'lass=3D"" '><A=20 = href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3D= st-agent/org.ovirt.vdsm.Credentials.conf"=20 = =3D'ref=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-g= uest=3Dagent/org.ovirt.vdsm.Credentials.conf" = '>https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=3Dst-ag= ent/org.ovirt.vdsm.Credentials.conf</A></DIV> <DIV =3D'lass=3D"" '> </DIV> <DIV =3D'lass=3D"" '> </DIV> <DIV> </DIV></DIV></BLOCKQUOTE> <DIV =3D'lass=3D"" '>seems you are right. Now i do see ovirt in dbus=20 sessions:</DIV> <DIV =3D'lass=3D"" '> </DIV> <DIV =3D'lass=3D"" '>DISPLAY=3D:0.0 dbus-send --system = --dest=3Dorg.freedesktop.DBus=20 --type=3Dmethod_call --print-reply /org/freedesktop/DBus=20 org.freedesktop.DBus.ListNames</DIV> <DIV =3D'lass=3D"" '> </DIV> <DIV>array [</DIV> <DIV> string "org.freedesktop.DBus"</DIV> <DIV> string "org.freedesktop.login1"</DIV> <DIV> string ":1.72"</DIV> <DIV> string ":1.171"</DIV> <DIV> string "org.freedesktop.systemd1"</DIV> <DIV> string "org.freedesktop.PolicyKit1"</DIV> <DIV> string ":1.360"</DIV> <DIV> string ":1.66"</DIV> <DIV> string "org.freedesktop.PackageKit"</DIV> <DIV> string ":1.67"</DIV> <DIV> string "org.freedesktop.UPower"</DIV> <DIV> string ":1.363"</DIV> <DIV> string ":1.0"</DIV> <DIV> string "org.freedesktop.UDisks2"</DIV> <DIV> string ":1.68"</DIV> <DIV> string ":1.364"</DIV> <DIV> string "org.ovirt.vdsm.Credentials"</DIV> <DIV> string ":1.365"</DIV> <DIV> string ":1.366"</DIV> <DIV> string "org.freedesktop.RealtimeKit1"</DIV> <DIV>]</DIV> <DIV> </DIV> <DIV> </DIV> <DIV>But still getting the samer error:</DIV> <DIV> </DIV> <DIV>Dummy-1::INFO::2016-07-15=20 18:08:12,299::OVirtAgentLogic::294::root::Received an external = command:=20 login...</DIV> <DIV>Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::207::root::The=20 following users are allowed to connect: [0]</DIV> <DIV>Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::273::root::Opening=20 credentials channel...</DIV> <DIV>Dummy-1::INFO::2016-07-15 = 18:08:12,300::CredServer::132::root::Emitting=20 user authenticated signal (656949).</DIV> <DIV>CredChannel::INFO::2016-07-15=20 18:08:17,306::CredServer::241::root::Credentials channel timed = out.</DIV> <DIV>Dummy-1::INFO::2016-07-15=20 18:08:17,307::CredServer::277::root::Credentials channel was = closed.</DIV> <DIV> </DIV> <DIV> </DIV> <DIV> However the KDM = support =3Ds=20 basically not really developed anymore as the majority of our users = =3Dre rather=20 using GDM. So there=E2=80=99s quite the possibility that = =3Dhere=E2=80=99s a problem.</DIV> <DIV> </DIV> <DIV>Well, i=E2=80=99m having different issues while trying to compile = gdm=20 plugin:</DIV> <DIV>configure: error: Package requirements (dbus-glib-1 >=3D = 0.74</DIV> = <DIV> &n= bsp; =20 gdmsimplegreeter >=3D 3.2.1.1</DIV> = <DIV> &n= bsp; =20 gobject-2.0 >=3D 2.22.0</DIV> = <DIV> &n= bsp; =20 gtk+-2.0 >=3D 2.18.0</DIV> <DIV> ) were not met:</DIV> <DIV> </DIV> <DIV>Package gdmsimplegreeter was not found in the pkg-config search=20 path.</DIV> <DIV>Found no information, o how to get=20 gdmsimplegreeter.</DIV></DIV></DIV></DIV></DIV></DIV></BLOCKQUOTE> <DIV> </DIV> <DIV>That=E2=80=99s for GDM < 3.8ish from 3.10 we have the GDM SSO = code builtin GNOME=20 you only need that the conf file and the pam extension plus the=20 gdm-ovirtcred pam config</DIV><BR> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV=20 style=3D"WORD-WRAP: break-word; -webkit-line-break: after-white-space; = webkit-nbsp-mode: space"=20 dir=3Dltr =3D'lass=3D"" '> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: calibri"> <DIV=20 style=3D"FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = calibri; FONT-WEIGHT: normal; FONT-STYLE: normal; DISPLAY: inline"> <DIV> </DIV> <DIV> </DIV> <BLOCKQUOTE type=3D"cite" =3D'lass=3D"" '> <DIV> <DIV><BR>Thank you.<BR =3D'lass=3D"" '><BR><BR=20 =3D'lass=3D"" '>_______________________________________________<BR=20 =3D'lass=3D"" '>Users mailing list<BR><A=20 =3D'ref=3D"mailto:Users@ovirt.org" '>Users@ovirt.org</A><BR = =3D'lass=3D"" '><A=20 = href=3D"http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt= .org/mailman/listinfo/users</A><BR=20 =3D'lass=3D"" = '></DIV></DIV></BLOCKQUOTE><BR>=3D</DIV></DIV></DIV></DIV>_______________= ________________________________<BR>Users=20 mailing list<BR><A=20 = href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR>http://lists.ovirt= .org/mailman/listinfo/users<BR></DIV></BLOCKQUOTE></DIV> <DIV> </DIV></DIV></DIV></DIV></BODY></HTML> ------=_NextPart_000_002B_01D1DED7.B0022300--
After moving to gdm, I've managed to solve the timeout issue. Now i bumped into another one: oVirt agent seem to emit credentials without error: Dummy-1::DEBUG::2016-07-18 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test********\x00') Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2016-07-18 09:29:53,294::CredServer::272::root::Token: 250954 Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::132::root::Emitting user authenticated signal (250954). Dummy-1::INFO::2016-07-18 09:29:53,349::CredServer::277::root::Credentials channel was closed. But pam module is failing: gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire user's credentials After poking a bit I've managed to find, that module fails on: if (ret == -1) { D(("send() failed.")); return -1; } in cred_channel.c Also, i have to mention, that there's no /etc/pamd/password-auth file in Debian Linux. I've copied it from Centos (it is needed by gdm- ovirtcred.pam)
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is really interesting. pam-ovirt-cred is randomly failing on one of two checks: https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c red_channel.c#L107 and https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c red_channel.c#L134 Theres no pattern, on which step it will fail. Sometimes it fails on writing to socket sometimes on reading: Jul 18 14:11:02 desktop64 cred-debug: recv() failed Jul 18 14:11:14 desktop64 cred-debug: send() failed Jul 18 14:11:18 desktop64 cred-debug: recv() failed Jul 18 14:11:23 desktop64 cred-debug: recv() failed Jul 18 14:11:28 desktop64 cred-debug: send() failed Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 at 09:51 +0300, Tadas wrote:
After moving to gdm, I've managed to solve the timeout issue. Now i bumped into another one: oVirt agent seem to emit credentials without error:
Dummy-1::DEBUG::2016-07-18 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test********\x00') Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2016-07-18 09:29:53,294::CredServer::272::root::Token: 250954 Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::132::root::Emitting user authenticated signal (250954). Dummy-1::INFO::2016-07-18 09:29:53,349::CredServer::277::root::Credentials channel was closed.
But pam module is failing: gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire user's credentials
After poking a bit I've managed to find, that module fails on:
if (ret == -1) { D(("send() failed.")); return -1; }
in cred_channel.c
Also, i have to mention, that there's no /etc/pamd/password-auth file in Debian Linux. I've copied it from Centos (it is needed by gdm- ovirtcred.pam)
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
ovirt agent stops on this line and code below it is not executed: https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agen t/CredServer.py#L147 On Mon, 2016-07-18 at 14:12 +0300, Tadas wrote:
This is really interesting. pam-ovirt-cred is randomly failing on one of two checks:
https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred /c red_channel.c#L107
and
https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred /c red_channel.c#L134
Theres no pattern, on which step it will fail. Sometimes it fails on writing to socket sometimes on reading:
Jul 18 14:11:02 desktop64 cred-debug: recv() failed Jul 18 14:11:14 desktop64 cred-debug: send() failed Jul 18 14:11:18 desktop64 cred-debug: recv() failed Jul 18 14:11:23 desktop64 cred-debug: recv() failed Jul 18 14:11:28 desktop64 cred-debug: send() failed Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 at 09:51 +0300, Tadas wrote:
After moving to gdm, I've managed to solve the timeout issue. Now i bumped into another one: oVirt agent seem to emit credentials without error:
Dummy-1::DEBUG::2016-07-18 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test********\x00') Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2016-07-18 09:29:53,294::CredServer::272::root::Token: 250954 Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::132::root::Emitting user authenticated signal (250954). Dummy-1::INFO::2016-07-18 09:29:53,349::CredServer::277::root::Credentials channel was closed.
But pam module is failing: gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire user's credentials
After poking a bit I've managed to find, that module fails on:
if (ret == -1) { D(("send() failed.")); return -1; }
in cred_channel.c
Also, i have to mention, that there's no /etc/pamd/password-auth file in Debian Linux. I've copied it from Centos (it is needed by gdm- ovirtcred.pam)
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Fri, Jul 15, 2016 at 12:50 PM, Tadas <tadas@ring.lt> wrote:
Hello, i'm struggling to get oVirt SSO working on Linux guest VM. I can confirm, that SSO is fully functional on Windows guest (please note it's not a full oVirt installation - I'm just testing oVirt guest agent on virtual machines running on plain KVM hypervisor).
Part of the issue is that you are missing quite a bit of the orchestration that oVirt performs to make SSO work... There may some other issues, but I warmly suggest using oVirt and not the undocumented APIs - which may or may not change in the future, between the agent and other components. Y.
Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor:
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security
Configured /etc/pam.d/kdm-ovirt-cred with:
%PAM-1.0 auth required pam_ovirt_cred.so auth include password-auth account include password-auth password include password-auth session required pam_selinux.so close session required pam_selinux.so open session include password-auth
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
Configured /etc/kde4/kdm/kdmrc with:
PluginsLogin=ovirtcred
Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries:
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out.
The only thing that worries me, - are the entries in kdm.log file:
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.
Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9.
Thank you.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. ------=_NextPart_000_0019_01D1DEB4.405C10B0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable SSO part as simple as emitting correctly formed json to spice socket, - = as I=E2=80=99ve mentioned before, this works fine with windows guests. Problem is only with linux guests. As for undocummented API, yes, = =E2=80=93 you are right, documentation should help alot. It takes time = to reverse engineer code. But having full oVirt solution or not does not change the thing, that = there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very = confident, that this will persist if used Linux guest on oVirt. Perhaps = this is just Debian oriented problem, so I was wondering if anyone had = the same issue here. From: Yaniv Kaul=20 Sent: Friday, July 15, 2016 3:57 PM To: tadas@ring.lt=20 Cc: users=20 Subject: Re: [ovirt-users] Debian linux and oVirt SSO =20 Part of the issue is that you are missing quite a bit of the = orchestration that oVirt performs to make SSO work... There may some other issues, but I warmly suggest using oVirt and not = the undocumented APIs - which may or may not change in the future, = between the agent and other components. Y. Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to = /lib/x86_64-linux-gnu/security Configured /etc/pam.d/kdm-ovirt-cred with: %PAM-1.0 auth required pam_ovirt_cred.so auth include password-auth account include password-auth password include password-auth session required pam_selinux.so close session required pam_selinux.so open session include password-auth Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 Configured /etc/kde4/kdm/kdmrc with: PluginsLogin=3Dovirtcred Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. The only thing that worries me, - are the entries in kdm.log file: klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.=20 Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9. Thank you. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ------=_NextPart_000_0019_01D1DEB4.405C10B0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD></HEAD> <BODY dir=3Dltr> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <DIV>SSO part as simple as emitting correctly formed json to spice = socket, - as=20 I=E2=80=99ve mentioned before, this works fine with windows = guests.</DIV> <DIV>Problem is only with linux guests. As for undocummented API, yes, = =E2=80=93 you are=20 right, documentation should help alot. It takes time to reverse engineer = code.</DIV> <DIV>But having full oVirt solution or not does not change the thing, = that=20 there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very = confident, that this=20 will persist if used Linux guest on oVirt. Perhaps this is just Debian = oriented=20 problem, so I was wondering if anyone had the same issue here.</DIV> <DIV> </DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV style=3D"FONT: 10pt tahoma"> <DIV> </DIV> <DIV style=3D"BACKGROUND: #f5f5f5"> <DIV style=3D"font-color: black"><B>From:</B> <A = title=3Dykaul@redhat.com=20 href=3D"mailto:ykaul@redhat.com">Yaniv Kaul</A> </DIV> <DIV><B>Sent:</B> Friday, July 15, 2016 3:57 PM</DIV> <DIV><B>To:</B> <A title=3Dtadas@ring.lt=20 href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV> <DIV><B>Cc:</B> <A title=3Dusers@ovirt.org = href=3D"mailto:users@ovirt.org">users</A>=20 </DIV> <DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt=20 SSO</DIV></DIV></DIV> <DIV> </DIV></DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV dir=3Dltr> <DIV><BR> </DIV> <DIV class=3Dgmail_extra> <DIV class=3Dgmail_quote> <DIV> </DIV> <DIV>Part of the issue is that you are missing quite a bit of the = orchestration=20 that oVirt performs to make SSO work...</DIV> <DIV>There may some other issues, but I warmly suggest using oVirt and = not the=20 undocumented APIs - which may or may not change in the future, between = the agent=20 and other components.</DIV> <DIV>Y.</DIV> <DIV> </DIV> <BLOCKQUOTE class=3Dgmail_quote=20 style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc = 1px solid"><BR>Steps=20 I've made:<BR>got oVirt guest agent up and running, I can communicate = with it=20 from<BR>hypervisor:<BR><BR>socat=20 = /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<BR>vdi.0 = -<BR>{"__name__": "os-version", "version": = "4.6.0-1-amd64"}<BR>Compiled and=20 copied pam_ovirt_cred.so to = /lib/x86_64-linux-gnu/security<BR><BR>Configured=20 /etc/pam.d/kdm-ovirt-cred=20 = with:<BR><BR>%PAM-1.0<BR>auth =20 required =20 pam_ovirt_cred.so<BR>auth =20 include =20 password-auth<BR>account =20 include = password-auth<BR>password =20 include =20 password-auth<BR>session = required =20 pam_selinux.so close<BR>session =20 required pam_selinux.so=20 open<BR>session = include =20 password-auth<BR><BR>Compiled and copied kgreet_ovirtcred.so to=20 /usr/lib/kde4<BR><BR>Configured /etc/kde4/kdm/kdmrc=20 with:<BR><BR>PluginsLogin=3Dovirtcred<BR><BR>Symptoms:<BR>After = starting kdm, I=20 get login prompt with barely visible title (I<BR>assume it should = spell "oVirt=20 Authentication" from<BR>kgreet_ovirtcred.cpp). Username and password = boxes are=20 inactive - i<BR>cannot enter anything to them. After emitting=20 username/password to<BR>oVirt agent, I can see the following log=20 entries:<BR><BR>Dummy-1::INFO::2016-07-15=20 12:29:51,628::CredServer::207::root::The<BR>following users are = allowed to=20 connect: [0]<BR>Dummy-1::INFO::2016-07-15=20 12:29:51,629::CredServer::273::root::Opening<BR>credentials=20 channel...<BR>Dummy-1::INFO::2016-07-15=20 12:29:51,629::CredServer::132::root::Emitting<BR>user authenticated = signal=20 = (509542).<BR>CredChannel::INFO::2016-07-15<BR>12:29:56,634::CredServer::2= 41::root::Credentials=20 channel timed out.<BR><BR>The only thing that worries me, - are the = entries in=20 kdm.log file:<BR><BR>klauncher(6100) kdemain: No DBUS session-bus = found. Check=20 if you have<BR>started the DBUS server. <BR><BR>Since oVirt guest = agent sends=20 wakeup message to greeter plugin via<BR>Dbus, perhaps this is the = problem?=20 Maybe someone had the same problem<BR>here?<BR>This happens on Debian = 8 and=20 9.<BR><BR>Thank=20 = you.<BR><BR><BR>_______________________________________________<BR>Users = mailing list<BR><A = href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20 href=3D"http://lists.ovirt.org/mailman/listinfo/users" = rel=3Dnoreferrer=20 = target=3D_blank>http://lists.ovirt.org/mailman/listinfo/users</A><BR></BL= OCKQUOTE></DIV> <DIV> </DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML> ------=_NextPart_000_0019_01D1DEB4.405C10B0--
participants (3)
-
Tadas -
Vinzenz Feenstra -
Yaniv Kaul