[libvirt PATCH 0/2] docs: less docs for insecure SASL mechanisms
Erik Skultety
eskultet at redhat.com
Mon Mar 8 11:00:03 UTC 2021
On Mon, Mar 08, 2021 at 10:41:55AM +0000, Daniel P. Berrangé wrote:
> On Fri, Mar 05, 2021 at 08:02:49AM +0100, Erik Skultety wrote:
> > On Thu, Mar 04, 2021 at 06:10:11PM +0000, Daniel P. Berrangé wrote:
> > > GSSAPI and SCRAM-SHA-256 are the only two SASL mechanisms we
> > > especially want people to be using. Even the latter is a little
> > > questionable due to storing passwords in cleartext on the server.
> >
> > At what point of the SCRAM-SHA-256 auth process is password handled as clear
> > text? I mean I tried to look up the issue you mention and couldn't find
> > anything, quite the contrary, e.g. Postgres says SCRAM-SHA-256 is the only
> > recommended scheme for password-based auth and storing passwords in clear text
> > is not possible. Isn't it kind of the point that passwords are never stored in
> > clear text with this scheme?
>
> You can clearly see the passwd in clear text in the file
>
> Add a new user
>
> $ echo "fish food" | saslpasswd2 -a libvirt demo
>
> Look for the password:
>
> $ strings /etc/libvirt/passwd.db | grep fish
> fish food
>
> The actual mechanism protocol does send in clear text over the wire.
> The storage in clear text on the server side is simply a choice of the
> cyrus-sasl impl of this mechanism documented here:
>
> https://www.cyrusimap.org/sasl/sasl/faqs/plaintextpasswords.html
So if this is the case, why are we even bothering promoting an insecure
solution, why not promote only GSSAPI for the reasons given? Backcompat?
Erik
More information about the libvir-list
mailing list