Yes, I already disabled it and found out how the rpc protocol looks like. I just was wondering if something more is sent.
For kerberos, I found quite a good description https://www.roguelynn.com/words/explain-like-im-5-kerberos/, but it only says that this ticket is then used in communication. So, I was wondering how it is used and does any information to client in included in messages further after authentication. пн, 26 нояб. 2018 г. в 16:02, Michal Privoznik <mpriv...@redhat.com>: > On 11/26/18 4:51 AM, Anastasiya Ruzhanskaya wrote: > > Hello everyone! > > > > I am trying without any success to decipher traffic from client to server > > in virt-manager in wireshark, but I don't know the sessioon key there, so > > seems no chance to do this. > > > > This is why I want to ask, is any info related to the certificate sent > > through the connection?> Or if I use kerberos protocol for > authentication, > > will the user id be sent in every message from client to server? Or only > > during authentication? > > This is not really a libvirt question, but I will try to answer it anyway. > > Firstly, you can use disable TLS and use plain TCP to see libvirt > packets flying by (e.g. qemu+tcp://localhost/system). > > Secondly, TLS is a whole another beast. There is plenty of documentation > on the internet. The server certificate is not transferred, if it was it > wouldn't be trustworthy anyway. Instead, server sends a signed message > and from there and from PKI the client can work out whether the server > really is who they claim to be. There is a bunch of so called > certificate authorities which sign other servers certificates so that > chain of trust can be built. Again, very brief and useless description. > > For Kerberos, the username is sent, however only in the kinit phase. At > this point, the kerberos client gets so called ticket which it then uses > to authenticate to other services (so no username nor password is sent). > > Michal >
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list