[libvirt] tls_allowed_ip_list?
Daniel Veillard
veillard at redhat.com
Tue Mar 3 09:03:11 UTC 2009
On Tue, Mar 03, 2009 at 08:50:54AM +0000, Daniel P. Berrange wrote:
> On Tue, Mar 03, 2009 at 09:13:14AM +0100, Chris Lalancette wrote:
> > All,
> > While doing testing on TLS, I came across the mention of
> > "tls_allowed_ip_list" in the website documentation, here:
> >
> > http://libvirt.org/remote.html#Remote_libvirtd_configuration
> >
> > However, I don't see any implementation of the tls_allowed_ip_list in libvirt
> > itself; a grep through the sources show that we are implementing
> > "tls_allowed_dn_list", but not "tls_allowed_ip_list". Am I missing something in
> > the sources? Should we update the libvirt.org documentation and remove that
> > (seemingly non-existent) parameter? Or should I go in and implement the
> > "tls_allowed_ip_list"?
>
> That functionality was removed because it is utterly worthless as an
> access control feature, and if you want to block rogue IP (ranges) you
> can do it in iptables far more efficiently & flexibly anyway. The
> docs just need to be removed
okay, even simpler, I will do it before the release !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the libvir-list
mailing list