Skip to content

Setup TCP Authorization

Ihor Dvoretskyi edited this page Aug 23, 2016 · 1 revision

Adding users and setting their passwords is done with the saslpasswd2 command. When running this command it is important to tell it that the appname is libvirt. As an example, to add a user fred, run

$ sudo saslpasswd2 -a libvirt fred
Password: xxxxxx
Again (for verification): xxxxxx

To see a list of all accounts the sasldblistusers2 command can be used. This command expects to be given the path to the libvirt user database, which is kept in /etc/libvirt/passwd.db

$ sudo sasldblistusers2 -f /etc/libvirt/passwd.db
fred@webvirtmgr.net: userPassword

To disable a user's access, use the command saslpasswd2 with the -d

$ sudo saslpasswd2 -a libvirt -d fred

Verify settings

Before you add the ip address of your server in the control center perform the following test

$ virsh -c qemu+tcp://IP_address/system nodeinfo
Please enter your authentication name: fred
Please enter your password: xxxxxx
CPU model:           x86_64
CPU(s):              2
CPU frequency:       2611 MHz
CPU socket(s):       1
Core(s) per socket:  2
Thread(s) per core:  1
NUMA cell(s):        1
Memory size:         2019260 kB

If you have same error:

$ virsh -c qemu+tcp://IP_address/system nodeinfo
Please enter your authentication name: fred
Please enter your password:
error: authentication failed: authentication failed
error: failed to connect to the hypervisor

Try input login with domain (hostname):

$ sasldblistusers2 -f /etc/libvirt/passwd.db
fred@webvirtmgr.net: userPassword