Re: Re: ocaml-libvirt-0.4.0.1: Can't connect to Xen- Host

On Mon, Jun 02, 2008 at 10:52:19AM +0100, Richard W.M. Jones wrote:
> http://libvirt.org/remote.html#Remote_libvirtd_configuration
> 
>   listen_tcp = 1
> 
> I believe you also need to edit /etc/sysconfig/libvirtd and uncomment:
> 
>   LIBVIRTD_ARGS="--listen"
> 
> and of course open firewall port 16509 if necessary.
> 
> Then you should be able to connect remotely using this URI:
> 
>   xen+tcp://hostname/
> 
> TCP connections are totally insecure, so you should only do this on a
> private network.

This is no longer true. Recent libvirt will enable SASL authentication on
the TCP socket by default, and the default SASL config for libvirt turns
on digest-md5 which provides username+password authentication and
subsequent session encryption. You can also switch SASL to use Kerberos
which again provides auth & session encryption. With either digest-md5
or Kerberos, the security is on a par with SSL/TLS in terms of encryption
strength.

http://libvirt.org/auth.html#ACL_server_username

Regards,
Daniel.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
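
Added example (not part of the original thread and not libvirt's own code): a small audit of libvirtd.conf for the case discussed above, where the plain TCP listener is enabled while SASL is switched off. It assumes the `auth_tcp` key of libvirtd.conf and treats an unset value as SASL, as the reply above describes for recent libvirt; the function names and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from a real host).
INSECURE_CONF = '''
# /etc/libvirt/libvirtd.conf
listen_tcp = 1
auth_tcp = "none"
'''

DEFAULT_CONF = '''
listen_tcp = 1
#auth_tcp = "sasl"
'''


def parse_conf(text):
    """Parse 'key = value' lines, ignoring comments and blank lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing/full-line comments
        m = re.match(r'^(\w+)\s*=\s*(.+)$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def audit_tcp(text):
    """Return a list of findings for the plain TCP listener (port 16509)."""
    s = parse_conf(text)
    findings = []
    if s.get("listen_tcp", "0") != "1":
        return findings  # TCP socket not enabled in the config; nothing to check
    # Assumption: an unset auth_tcp means SASL, per the reply above.
    auth = s.get("auth_tcp", "sasl")
    if auth == "none":
        findings.append(
            "listen_tcp=1 with auth_tcp=none: unauthenticated, unencrypted TCP")
    elif auth != "sasl":
        findings.append(f"listen_tcp=1 with unrecognised auth_tcp={auth!r}")
    return findings


if __name__ == "__main__":
    for name, conf in (("insecure", INSECURE_CONF), ("default", DEFAULT_CONF)):
        print(name, audit_tcp(conf) or "ok")
```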
