[ovirt-users] Debian linux and oVirt SSO
Yaniv Kaul
ykaul at redhat.com
Fri Jul 15 12:57:23 UTC 2016
On Fri, Jul 15, 2016 at 12:50 PM, Tadas <tadas at ring.lt> wrote:
> Hello,
> i'm struggling to get oVirt SSO working on Linux guest VM.
> I can confirm, that SSO is fully functional on Windows guest (please
> note it's not a full oVirt installation - I'm just testing oVirt guest
> agent on virtual machines running on plain KVM hypervisor).
>
Part of the issue is that you are missing quite a bit of the orchestration
that oVirt performs to make SSO work...
There may some other issues, but I warmly suggest using oVirt and not the
undocumented APIs - which may or may not change in the future, between the
agent and other components.
Y.
> Steps I've made:
> got oVirt guest agent up and running, I can communicate with it from
> hypervisor:
>
> socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
> vdi.0 -
> {"__name__": "os-version", "version": "4.6.0-1-amd64"}
> Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security
>
> Configured /etc/pam.d/kdm-ovirt-cred with:
>
> %PAM-1.0
> auth required pam_ovirt_cred.so
> auth include password-auth
> account include password-auth
> password include password-auth
> session required pam_selinux.so close
> session required pam_selinux.so open
> session include password-auth
>
> Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
>
> Configured /etc/kde4/kdm/kdmrc with:
>
> PluginsLogin=ovirtcred
>
> Symptoms:
> After starting kdm, I get login prompt with barely visible title (I
> assume it should spell "oVirt Authentication" from
> kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
> cannot enter anything to them. After emitting username/password to
> oVirt agent, I can see the following log entries:
>
> Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
> following users are allowed to connect: [0]
> Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting
> user authenticated signal (509542).
> CredChannel::INFO::2016-07-15
> 12:29:56,634::CredServer::241::root::Credentials channel timed out.
>
> The only thing that worries me, - are the entries in kdm.log file:
>
> klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
> started the DBUS server.
>
> Since oVirt guest agent sends wakeup message to greeter plugin via
> Dbus, perhaps this is the problem? Maybe someone had the same problem
> here?
> This happens on Debian 8 and 9.
>
> Thank you.
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160715/423c9bf3/attachment-0001.html>
More information about the Users
mailing list