On 11/26/18 4:51 AM, Anastasiya Ruzhanskaya wrote:
> Hello everyone!
>
> I am trying without any success to decipher traffic from client to server
> in virt-manager in wireshark, but I don't know the session key there, so
> seems no chance to do this.
>
> This is why I want to ask, is any info related to the certificate sent
> through the connection?
> Or if I use kerberos protocol for authentication,
> will the user id be sent in every message from client to server? Or only
> during authentication?

This is not really a libvirt question, but I will try to answer it anyway.

Firstly, you can disable TLS and use plain TCP to see libvirt packets flying by (e.g. qemu+tcp://localhost/system).

Secondly, TLS is a whole other beast. There is plenty of documentation on the internet. The server certificate is not transferred; if it was, it wouldn't be trustworthy anyway. Instead, the server sends a signed message, and from there and from PKI the client can work out whether the server really is who they claim to be. There is a bunch of so-called certificate authorities which sign other servers' certificates so that a chain of trust can be built. Again, very brief and useless description.

For Kerberos, the username is sent, however only in the kinit phase. At this point, the Kerberos client gets a so-called ticket which it then uses to authenticate to other services (so no username nor password is sent).

Michal
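
Added example (not part of the original message and not libvirt's own code): over plain TCP, each libvirt RPC message is a 4-byte big-endian length word followed by a 24-byte header (program, version, procedure, type, serial, status), so one direction of a reassembled stream can be split into frames as below. The sample bytes, the `build_frame` helper and the `MAX_FRAME` cap are constructed for this example.

```python
import struct

REMOTE_PROGRAM = 0x20008086          # program number of libvirt's main RPC protocol
TYPES = {0: "CALL", 1: "REPLY", 2: "EVENT", 3: "STREAM"}
STATUS = {0: "OK", 1: "ERROR", 2: "CONTINUE"}
LEN_WORD = 4                         # length word counts itself plus header plus payload
HEADER = struct.Struct(">IIiiIi")    # program, version, procedure, type, serial, status
MAX_FRAME = 64 * 1024 * 1024         # sanity cap chosen for this example (assumption)


def parse_frames(stream: bytes):
    """Split one direction of a reassembled plain-TCP stream into RPC frames.

    Returns (frames, leftover); leftover holds the bytes of a truncated final frame.
    """
    frames, off = [], 0
    while off + LEN_WORD <= len(stream):
        (length,) = struct.unpack_from(">I", stream, off)
        if not LEN_WORD + HEADER.size <= length <= MAX_FRAME:
            # Typical when the capture is TLS-encrypted rather than plain RPC.
            raise ValueError(f"implausible frame length {length} at offset {off}")
        if off + length > len(stream):
            break  # capture ended in the middle of a frame
        prog, vers, proc, mtype, serial, status = HEADER.unpack_from(stream, off + LEN_WORD)
        frames.append({
            "program": prog, "version": vers, "procedure": proc,
            "type": TYPES.get(mtype, f"unknown({mtype})"),
            "serial": serial,
            "status": STATUS.get(status, f"unknown({status})"),
            "payload_len": length - LEN_WORD - HEADER.size,
        })
        off += length
    return frames, stream[off:]


def build_frame(proc, mtype, serial, status, payload=b""):
    """Hypothetical helper: builds constructed sample frames for this example."""
    body = HEADER.pack(REMOTE_PROGRAM, 1, proc, mtype, serial, status) + payload
    return struct.pack(">I", LEN_WORD + len(body)) + body


# Constructed sample: a call to procedure 1 with 8 placeholder payload bytes, its
# header-only reply, then the first 10 bytes of a frame cut off by the capture.
SAMPLE = (build_frame(1, 0, 0, 0, b"\x00" * 8)
          + build_frame(1, 1, 0, 0)
          + build_frame(2, 0, 1, 0)[:10])

if __name__ == "__main__":
    frames, leftover = parse_frames(SAMPLE)
    for f in frames:
        print(f)
    print("unparsed trailing bytes:", len(leftover))
```

Feeding it bytes that begin with a TLS record header raises `ValueError`, which is a quick sign that the capture is still encrypted.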