[ovirt-users] Debian linux and oVirt SSO

Tadas tadas at ring.lt
Fri Jul 15 13:16:32 UTC 2016 

SSO part as simple as emitting correctly formed json to spice socket, - as I’ve  mentioned before, this works fine with windows guests.
Problem is only with linux guests. As for undocummented API, yes, – you are right, documentation should help alot. It takes time to reverse engineer code.
But having full oVirt solution or not does not change the thing, that there’s something wrong with linux kde plugin. I’m very confident, that this will persist if used Linux guest on oVirt. Perhaps this is just Debian oriented problem, so I was wondering if anyone had the same issue here.


From: Yaniv Kaul 
Sent: Friday, July 15, 2016 3:57 PM
To: tadas at ring.lt 
Cc: users 
Subject: Re: [ovirt-users] Debian linux and oVirt SSO


 

Part of the issue is that you are missing quite a bit of the orchestration that oVirt performs to make SSO work...
There may some other issues, but I warmly suggest using oVirt and not the undocumented APIs - which may or may not change in the future, between the agent and other components.
Y.


  Steps I've made:
  got oVirt guest agent up and running, I can communicate with it from
  hypervisor:

  socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
  vdi.0 -
  {"__name__": "os-version", "version": "4.6.0-1-amd64"}
  Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security

  Configured /etc/pam.d/kdm-ovirt-cred with:

  %PAM-1.0
  auth        required    pam_ovirt_cred.so
  auth        include     password-auth
  account     include     password-auth
  password    include     password-auth
  session     required    pam_selinux.so close
  session     required    pam_selinux.so open
  session     include     password-auth

  Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4

  Configured /etc/kde4/kdm/kdmrc with:

  PluginsLogin=ovirtcred

  Symptoms:
  After starting kdm, I get login prompt with barely visible title (I
  assume it should spell "oVirt Authentication" from
  kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
  cannot enter anything to them. After emitting username/password to
  oVirt agent, I can see the following log entries:

  Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
  following users are allowed to connect: [0]
  Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
  credentials channel...
  Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting
  user authenticated signal (509542).
  CredChannel::INFO::2016-07-15
  12:29:56,634::CredServer::241::root::Credentials channel timed out.

  The only thing that worries me, - are the entries in kdm.log file:

  klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
  started the DBUS server. 

  Since oVirt guest agent sends wakeup message to greeter plugin via
  Dbus, perhaps this is the problem? Maybe someone had the same problem
  here?
  This happens on Debian 8 and 9.

  Thank you.


  _______________________________________________
  Users mailing list
  Users at ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160715/470dfb46/attachment-0001.html>

More information about the Users mailing list