<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>SSO part as simple as emitting correctly formed json to spice socket, - as
I’ve mentioned before, this works fine with windows guests.</DIV>
<DIV>Problem is only with linux guests. As for undocummented API, yes, – you are
right, documentation should help alot. It takes time to reverse engineer
code.</DIV>
<DIV>But having full oVirt solution or not does not change the thing, that
there’s something wrong with linux kde plugin. I’m very confident, that this
will persist if used Linux guest on oVirt. Perhaps this is just Debian oriented
problem, so I was wondering if anyone had the same issue here.</DIV>
<DIV> </DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV style="FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=ykaul@redhat.com
href="mailto:ykaul@redhat.com">Yaniv Kaul</A> </DIV>
<DIV><B>Sent:</B> Friday, July 15, 2016 3:57 PM</DIV>
<DIV><B>To:</B> <A title=tadas@ring.lt
href="mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV>
<DIV><B>Cc:</B> <A title=users@ovirt.org href="mailto:users@ovirt.org">users</A>
</DIV>
<DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt
SSO</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV dir=ltr>
<DIV><BR> </DIV>
<DIV class=gmail_extra>
<DIV class=gmail_quote>
<DIV> </DIV>
<DIV>Part of the issue is that you are missing quite a bit of the orchestration
that oVirt performs to make SSO work...</DIV>
<DIV>There may some other issues, but I warmly suggest using oVirt and not the
undocumented APIs - which may or may not change in the future, between the agent
and other components.</DIV>
<DIV>Y.</DIV>
<DIV> </DIV>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><BR>Steps
I've made:<BR>got oVirt guest agent up and running, I can communicate with it
from<BR>hypervisor:<BR><BR>socat
/var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<BR>vdi.0
-<BR>{"__name__": "os-version", "version": "4.6.0-1-amd64"}<BR>Compiled and
copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security<BR><BR>Configured
/etc/pam.d/kdm-ovirt-cred
with:<BR><BR>%PAM-1.0<BR>auth
required
pam_ovirt_cred.so<BR>auth
include
password-auth<BR>account
include password-auth<BR>password
include
password-auth<BR>session required
pam_selinux.so close<BR>session
required pam_selinux.so
open<BR>session include
password-auth<BR><BR>Compiled and copied kgreet_ovirtcred.so to
/usr/lib/kde4<BR><BR>Configured /etc/kde4/kdm/kdmrc
with:<BR><BR>PluginsLogin=ovirtcred<BR><BR>Symptoms:<BR>After starting kdm, I
get login prompt with barely visible title (I<BR>assume it should spell "oVirt
Authentication" from<BR>kgreet_ovirtcred.cpp). Username and password boxes are
inactive - i<BR>cannot enter anything to them. After emitting
username/password to<BR>oVirt agent, I can see the following log
entries:<BR><BR>Dummy-1::INFO::2016-07-15
12:29:51,628::CredServer::207::root::The<BR>following users are allowed to
connect: [0]<BR>Dummy-1::INFO::2016-07-15
12:29:51,629::CredServer::273::root::Opening<BR>credentials
channel...<BR>Dummy-1::INFO::2016-07-15
12:29:51,629::CredServer::132::root::Emitting<BR>user authenticated signal
(509542).<BR>CredChannel::INFO::2016-07-15<BR>12:29:56,634::CredServer::241::root::Credentials
channel timed out.<BR><BR>The only thing that worries me, - are the entries in
kdm.log file:<BR><BR>klauncher(6100) kdemain: No DBUS session-bus found. Check
if you have<BR>started the DBUS server. <BR><BR>Since oVirt guest agent sends
wakeup message to greeter plugin via<BR>Dbus, perhaps this is the problem?
Maybe someone had the same problem<BR>here?<BR>This happens on Debian 8 and
9.<BR><BR>Thank
you.<BR><BR><BR>_______________________________________________<BR>Users
mailing list<BR><A href="mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A
href="http://lists.ovirt.org/mailman/listinfo/users" rel=noreferrer
target=_blank>http://lists.ovirt.org/mailman/listinfo/users</A><BR></BLOCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML>