search for: spice_tl

...d.conf) I set key_file = ... cert_file = ... ca_file = ... But after connect and lauching (on bambus) vm I tried to snif traffic to bambus:5900 on client) and wireshark was able to detect "VNC" protocol (BTW not spice?), so I am confused. should I configure in /etc/libvirt/qemu.conf spice_tls option and certificates ? KJ

...is because there might be various requirements for various use cases. > protocol (BTW not spice?), so I am confused. > should I configure in /etc/libvirt/qemu.conf > There is default_tls which should be enough to start, then you need to turn on tls usage for want. There's vnc_tls, spice_tls, vxhs_tls, nbd_tls, migrate_tls, backup_tls, and you can even configure different certificates for each of them. >spice_tls option and certificates ? > That, and also don't forget to configure the domain XML so that it uses what you want, probably something like: <graphics type=...

...kvmhost01 in /etc/qemu-kvm/krb5.tab - the above file has owner:group set to qemu:root with perms 600 - I have the following in /etc/sasl2/qemu-kvm.conf mech_list: gssapi keytab: /etc/qemu-kvm/krb5.tab - I have the following in /etc/libvirt/qemu.conf spice_listen = "0.0.0.0" spice_tls = 0 spice_sasl = 1 spice_sasl_dir = "/etc/sasl2/" - the first time I try to view a console, I get the kerberos tickets I expect to: Ticket cache: KEYRING:persistent:625400004:krb_ccache_7rtJmh8 Default principal: ranbir at THEINSIDE.RNR Valid starting Expires...