[libvirt-users] acceptable SASL mechanisms/can libvirt authenticate against PAM
Dave Allan
dallan at redhat.com
Wed Dec 14 14:27:51 UTC 2011
On Wed, Dec 14, 2011 at 09:13:32AM +0000, Daniel P. Berrange wrote:
> On Tue, Dec 13, 2011 at 10:57:25PM -0500, Dave Allan wrote:
> > I was playing with SASL authentication a bit today and I wasn't able
> > to get libvirt to authenticate against PAM (or anything else except
> > the sasldb, although I didn't try Kerberos). Does anybody know off
> > the top of their head what mechanisms/password check options work?
> > I'm trying to figure out if I'm attempting the impossible.
>
> If you are configuring SASL for the tcp socket it will refuse to use
> SASL mechanisms which do not support encryption, which is all of them
> except Kerberos or Digest-MD5.
>
> If you are configuring SASL for the TLS socket it will allow any
> SASL mechanism, since TLS provides the encryption
Ah, I left out the most salient detail: I was trying it on the unix rw
socket. libvirtd.conf says "For non-TCP or TLS sockets, any scheme is
allowed." The way I read that, I'd expect any scheme to work with the
unix rw socket, is that right?
Dave
More information about the libvirt-users
mailing list