Re: [libvirt] qemu+tls server certificate validation failure (The certificate is not trusted)

2009-04-27 Thread Scott Beardsley
> BTW, will certtool verify certs ala "openssl verify" ?
$ certtool --verify-chain --infile /etc/pki/CA/cacert.pem |grep Verification
Verification output: Verified.
I found the verify-chain option but it doesn't like it when I add my x509 client cert.

Re: [libvirt] qemu+tls server certificate validation failure (The certificate is not trusted)

2009-04-27 Thread Scott Beardsley
> This error message comes from gnutls_certificate_verify_peers2() and
> maps to the annoyingly generic GNUTLS_CERT_INVALID error code.
indeed
>> The server's config has not changed (I've tested against libvirt-bin
>> versions 0.4.4-3ubuntu3.1 and 0.4.0-2ubuntu8.1 on the server side). I
>> have t

[libvirt] qemu+tls server certificate validation failure (The certificate is not trusted)

2009-04-27 Thread Scott Beardsley
I'm having a problem with remote TLS libvirt connections from an Ubuntu Jaunty client. I've reported the bug here[1] but haven't had any hits yet so I thought I'd come to the source. Let me know if y'all have any ideas or know of any bugs in the versions I'm using (see below). I just upgraded my cl

Re: [libvirt] libvirt authorization

2009-03-22 Thread Scott Beardsley
> SASL is being supported.
> Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
Doesn't SASL only provide an authentication (aka authN) layer? I'm looking for an authorization (aka authZ) layer. I'm using client SSL certs for authN.
> I don't know how users will be mapped to domains or

[libvirt] libvirt authorization

2009-03-20 Thread Scott Beardsley
Is there any authorization mechanism in libvirt? I've got TLS going so that only those with a cert signed by my CA are allowed in, but there appears to be no way for me to only allow them access to certain VMs. Can I limit folks to specific VMs or VNC ports? Ideally I can allow access only to those