[Libvir] PATCH: 3/10: auth configuration support

Jim Meyering jim at meyering.net
Mon Dec 3 12:43:01 UTC 2007


"Daniel P. Berrange" <berrange at redhat.com> wrote:

> On Thu, Nov 29, 2007 at 05:18:06PM +0000, Daniel P. Berrange wrote:
>> This patch provides the ability to configure what authentication mechanism
>> is used on each socket - UNIX RW, UNIX RO, TCP, and TLS sockets - all can
>> have independant settings. By default the UNIX & TLS sockets have no auth,
>> and the TCP socket has SASL auth enabled. The /etc/libvirt/libvirtd.conf
>> file lets you override these options.
>>
>> There is also a new  sasl_allowed_username_list = ["admin"]  config
>> param to let you whitelist the users you want to allow.  This supports
>> use of wildcards. The username is dependnat on the SASL auth mechanism.
>> For DIGEST-MD5 it will be plain usernames, for Kerberos it will be a
>> username + realm, eg  admin EXAMPLE COM
>>
>> After discussion with Rich, I also remove the tls_allowed_ip_list for
>> whitelisting source IP addresses. This was a) not protecting us because
>> it was only checked after the TLS handshake - thus allowing trivial DOS
>> attack b) much easier to handle via tcp wrappers, or IPtables. c) only
>> ever checked for the TLS socket d) IP addresses are easily spoofed.
>>
>> If summary, if you're using a real authentication mechanism, this is
>> only useful for protecting against DOS attacks & that's better done by
>> iptables.
>
> Rebased to take account of Jim's changes, and incorporated fixes to the
> config file

This looks fine.
Thanks for preserving my convention of "#var = ..." (no space after '#')
in the config file.  I have a test that depends on that -- will post it
after you commit this change.

I find code/diffs easier to read when the lines themselves fit in 80 columns.
There are lots of 100+-byte lines here.  I know some are generated, but
I'll be happy to normalize the others once this is checked in.




More information about the libvir-list mailing list