features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
</pre>
<p>
-Next it is necessary for the administrator of the Kerberos realm to issue a principle
-for the libvirt server. There needs to be one principle per host running the libvirt
-daemon. The principle should be named <code>libvirt/full.hostname@KERBEROS.REALM</code>.
-This is typically done by running the <code>kadmin.local</code> command on the Kerberos
-server, though some Kerberos servers have alternate ways of setting up service principles.
-Once created, the principle should be exported to a keytab, copied to the host running
-the libvirt daemon and placed in <code>/etc/libvirt/krb5.tab</code>
+Next it is necessary for the administrator of the Kerberos realm to
+issue a principal for the libvirt server. There needs to be one
+principal per host running the libvirt daemon. The principal should be
+named <code>libvirt/full.hostname@KERBEROS.REALM</code>. This is
+typically done by running the <code>kadmin.local</code> command on the
+Kerberos server, though some Kerberos servers have alternate ways of
+setting up service principals. Once created, the principal should be
+exported to a keytab, copied to the host running the libvirt daemon
+and placed in <code>/etc/libvirt/krb5.tab</code>
</p>
<pre>
# kadmin.local
</pre>
<p>
Any client application wishing to connect to a Kerberos enabled libvirt server
-merely needs to run <code>kinit</code> to gain a user principle. This may well
+merely needs to run <code>kinit</code> to gain a user principal. This may well
be done automatically when a user logs into a desktop session, if PAM is setup
to authenticate against Kerberos.
</p>
projects / people / liuw / libxenctrl-split / libvirt.git / commitdiff