[CentOS-virt] spice server and GSSAPI
m3freak at thesandhufamily.ca
Sat Dec 30 00:43:51 UTC 2017
Does anyone have spice server for KVM Linux guests working with GSSAPI
authentication? I've been trying for a while and I simply can't get it
to work. I don't know what I'm doing wrong. I wouldn't be surprised if
I've misunderstood something.
I followed this guide:
Yes, the above is for VNC consoles. I just adapted that write up for
spice. When I try to connect to a console from either virt-manager or
with virt-viewer, I'm prompted to enter a password (though I shouldn't
be). When I type in my freeipa domain password, it gets rejected.
libvirtd with Kerberos and GSSAPI is working perfectly. I can use
virt-manager from my Fedora 26 desktop with the below URI:
virt-manager connects, I get a list of all the running KVMs and I can
work with them like I would if I was running virt-manager over ssh with
X forwarding. The only thing that doesn't work is viewing the consoles.
- my host is a fully updated CentOS 7 system
- libvirtd is set to listen for tcp connections
- I added the service spice/kvmhost01.theinside.rnr
- I created a keytab for the above and put it on kvmhost01 in
- the above file has owner:group set to qemu:root with perms 600
- I have the following in /etc/sasl2/qemu-kvm.conf
- I have the following in /etc/libvirt/qemu.conf
spice_listen = "0.0.0.0"
spice_tls = 0
spice_sasl = 1
spice_sasl_dir = "/etc/sasl2/"
- the first time I try to view a console, I get the
kerberos tickets I expect to:
Ticket cache: KEYRING:persistent:625400004:krb_ccache_7rtJmh8
Default principal: ranbir at THEINSIDE.RNR

Valid starting       Expires              Service principal
2017-12-29 18:37:45  2017-12-30 18:01:40  spice/kvmhost01.theinside.rnr at THEINSIDE.RNR
2017-12-29 18:37:40  2017-12-30 18:01:40  libvirt/kvmhost01.theinside.rnr at THEINSIDE.RNR
2017-12-29 18:01:40  2017-12-30 18:01:40  krbtgt/THEINSIDE.RNR at THEINSIDE.RNR
I'm surprised there isn't more info available about this online. That's
why I'm now here asking for assistance.
Does anyone have any suggestions/advice?
Thanks in advance!