search for: clientkey

On 08/12/2010 10:29 AM, Lars Kellogg-Stedman wrote: > Hello all, > > I'm trying to get virsh (and virt-manager) to talk to a remote libvirt > instance. I cannot for the life of me figure out how to tell either > tool where to find client or CA certificates. Do they *really* need > to access the ones in /etc/pki? In particular, the client seems to > want to read the

...g = $ldap_master->start_tls( verify => "$config{verify}", clientcert => "$config{clientcert}", clientkey => "$config{clientkey}", cafile => "$config{cafile}" ); + if ($mesg->code) { + warn("Could not start_tls: " . $mesg-&gt...

...to use: virt-v2v -f virt-v2v.conf -ic esx://esxhost/?no_verify=1 -op vm_nfs 'HPTRIM Sandbox' virt-v2v -f virt-v2v.conf -ic esx://esxhost/ -op vm_nfs 'HPTRIM Sandbox' I have eliminated libvirt error messages (all #38) relating to /etc/pki/CA/cacert.pem and /etc/pki/libvirt/private/clientkey.pem by creating those files on KVM host according to info on this page: http://libvirt.org/remote.html#Remote_libvirtd_configuration Now I am down to a simple connection refused error message: virt-v2v: Failed to connect to esx://esxhost/: libvirt error code: 38, message: unable to connect to ...

...766072-2910717368" slaveLDAP="127.0.0.1" slavePort="389" masterLDAP="127.0.0.1" masterPort="389" ldapTLS="0" verify="optional" cafile="/etc/openldap/slapd-cert.pem" clientcert="/etc/smbldap-tools/smbldap-tools.pem" clientkey="/etc/smbldap-tools/smbldap-tools.key" suffix="dc=borkholder,dc=com" usersdn="ou=People,${suffix}" computersdn="ou=Computers,${suffix}" groupsdn="ou=Groups,${suffix}" idmapdn="ou=People,${suffix}" sambaUnixIdPooldn="cn=Uidpool,ou=Peop...

...: doRemoteOpen:564 : proceeding with name = esx:///system 17:06:16.069: debug : initialise_gnutls:1145 : loading CA file /etc/pki/CA/cacert.pem 17:06:16.070: debug : initialise_gnutls:1158 : loading client cert and key from files /etc/pki/libvirt/clientcert.pem and /etc/pki/libvirt/private/clientkey.pem 17:06:16.074: debug : do_open:1122 : driver 4 remote returned ERROR 17:06:16.074: debug : virUnrefConnect:259 : unref connection 0x903e078 1 17:06:16.074: debug : virReleaseConnect:216 : release connection 0x903e078 error: unable to connect to libvirtd at a.b.c.d': Connectio...

...SID="S-1-5-21-158730468-2379596502-3695168017" sambaDomain="REALM" slaveLDAP="127.0.0.1" slavePort="389" masterLDAP="127.0.0.1" masterPort="389" ldapTLS="0" verify="require" cafile="" clientcert="" clientkey="" suffix="dc=example,dc=com" usersdn="ou=people,${suffix}" computersdn="ou=computers,${suffix}" groupsdn="ou=groups,${suffix}" sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" scope="sub" hash_encrypt="CRYPT&quo...

Hi all, I'm trying to figure out how to get my desktop talking to two libvirt hosts using qemu+tls and I've read that virsh relies on hard coded paths to the certificates.. which seems to be true. Is there a way to tell virsh to use a different path to a certificate, or another way people solve this presently? Cheers, Ant -------------- next part -------------- An HTML attachment was

...t; SID="S-1-5-21-1628075765-904855948-1163074499" sambaDomain="XXXXL_DOM" slaveLDAP="localhost" slavePort="389" masterLDAP="localhost" masterPort="389" ldapTLS="0" verify="" cafile="" clientcert="" clientkey="" suffix="dc=mydom,dc=com,dc=ar" usersdn="ou=Users,${suffix}" computersdn="ou=Computers,${suffix}" groupsdn="ou=Groups,${suffix}" idmapdn="ou=Idmap,${suffix}" sambaUnixIdPooldn="sambaDomainName=XXXXXL_DOM,${suffix}" scope="...

...; masterLDAP="localhost" masterPort="389" slaveLDAP="localhost" slavePort="10389" ldapTLS="0" verify="none" cafile="/noexist" clientcert="/noexist" clientkey="/noexist" suffix="dc=boxAA,dc=boxx,dc=boxx" usersdn="ou=Users,${suffix}" groupsdn="ou=Groups,${suffix}" sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" scope="sub" has...

...); + salt = buffer_get_data(t_base64_decode_str(fields[1]), &salt_len); + str = t_str_new(strlen(fields[2])); + + /* FIXME: credentials should be SASLprepped UTF8 data here */ + Hi((const unsigned char *)plaintext, strlen(plaintext), salt, salt_len, + iter, salted_password); + + /* Calculate ClientKey */ + hmac_init(&ctx, salted_password, sizeof(salted_password), + &hash_method_sha1); + hmac_update(&ctx, "Client Key", 10); + hmac_final(&ctx, client_key); + + /* Calculate StoredKey */ + sha1_get_digest(client_key, sizeof(client_key), stored_key); + base64_encode(store...

...A and certificates on both Kontron PC and our board. Libvirtd.conf was modified so that libvirt is listening all IPs using default IP These directories and files created and used. /etc/pki/CA/cacert.pem /etc/pki/libvirt/private/serverkey.pem /etc/pki/libvirt/servercert.pem /etc/pki/libvirt/private/clientkey.pem /etc/pki/libvirt/clientcert.pem TLS connection worked fine with Kontron PC # virsh -c qemu+tls://localhost/system version Compiled against library: libvir 0.9.5 Using library: libvir 0.9.5 Using API: QEMU 0.9.5 Running hypervisor: QEMU 0.12.1 But libvirt crashed on our board (using libvirt...

...was modified so that libvirt is listening all IPs using default IP (so that it was possible to use same certificates on all machines) These directories and files created and used. /etc/pki/CA/cacert.pem /etc/pki/libvirt/private/serverkey.pem /etc/pki/libvirt/servercert.pem /etc/pki/libvirt/private/clientkey.pem /etc/pki/libvirt/clientcert.pem TLS connection worked fine with Kontron PC # virsh -c qemu+tls://localhost/system version Compiled against library: libvir 0.9.5 Using library: libvir 0.9.5 Using API: QEMU 0.9.5 Running hypervisor: QEMU 0.12.1 But libvirt crashed on our Board (using libvirt 0...

...48882972-3065312840" slaveLDAP="smbtest.soil.ncsu.edu" slavePort="389" masterLDAP="smbtest.soil.ncsu.edu" masterPort="389" ldapTLS="1" verify="require" cafile="/var/ssl/cacert.pem" clientcert="/var/ssl/ldapcrt.pem" clientkey="/var/ssl/ldapkey.pem" suffix="dc=soil,dc=ncsu,dc=edu" usersdn="ou=People,dc=soil,dc=ncsu,dc=edu" computersdn="ou=Computers,dc=soil,dc=ncsu,dc=edu" groupsdn="ou=Groups,dc=soil,dc=ncsu,dc=edu" scope="sub" hash_encrypt="SSHA" userL...

...48882972-3065312840" slaveLDAP="smbtest.soil.ncsu.edu" slavePort="389" masterLDAP="smbtest.soil.ncsu.edu" masterPort="389" ldapTLS="1" verify="require" cafile="/var/ssl/cacert.pem" clientcert="/var/ssl/ldapcrt.pem" clientkey="/var/ssl/ldapkey.pem" suffix="dc=soil,dc=ncsu,dc=edu" usersdn="ou=People,dc=soil,dc=ncsu,dc=edu" computersdn="ou=Computers,dc=soil,dc=ncsu,dc=edu" groupsdn="ou=Groups,dc=soil,dc=ncsu,dc=edu" scope="sub" hash_encrypt="SSHA" userL...

...ficate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientcert="/etc/smbldap-tools/smbldap-tools.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientkey="/etc/smbldap-tools/smbldap-tools.key" # LDAP Suffix # Ex: suffix=dc=IDEALX,dc=ORG suffix="dc=home,dc=us" # Where are stored Users # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" usersdn="ou=Users,${suffix}" # Where are stored Computers # Ex: computersdn="o...

...ate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientcert="/usr/local/etc/lauterbur.slapd-cert.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientkey="/usr/local/etc/lauterbur.slapd-key.pem" And from /usr/local/etc/openldap/slapd.conf: . . . TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3 TLSCACertificateFile /usr/local/etc/cacert.pem TLSCertificateFile /usr/local/etc/lauterbur.slapd-cert.pem TLSCertificateKeyFile /usr/local/etc/lauterbur.s...

...ficate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientcert="/etc/smbldap-tools/smbldap-tools.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientkey="/etc/smbldap-tools/smbldap-tools.key" # LDAP Suffix # Ex: suffix=dc=IDEALX,dc=ORG suffix="dc=home,dc=us" # Where are stored Users # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" usersdn="ou=Users,${suffix}" # Where are stored Computers # Ex: computersdn="o...

...icate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details #clientcert="/etc/smbldap-tools/smbldap-tools.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details #clientkey="/etc/smbldap-tools/smbldap-tools.key" # LDAP Suffix # Ex: suffix=dc=IDEALX,dc=ORG suffix="dc=domain,dc=com" # Where are stored Users # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" usersdn="ou=Users,${suffix}" # Where are stored Computers # Ex: computersdn=&quot...

Anybody know whats wrong when the commands smbldap-useradd or populate work fine with ldap but cant create unix/linux accounts ???? Pelase Help. Jorge __________________________________________________ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ?gratis! ?Abr? tu cuenta ya! - http://correo.yahoo.com.ar

...ficate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientcert="/etc/smbldap-tools/smbldap-tools.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientkey="/etc/smbldap-tools/smbldap-tools.key" # LDAP Suffix # Ex: suffix=dc=IDEALX,dc=ORG suffix="dc=magista,dc=de" # Where are stored Users # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" usersdn="ou=Users,${suffix}" # Where are stored Computers # Ex: computersdn=&quo...