"Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > On Thu, Nov 29, 2007 at 05:18:06PM +0000, Daniel P. Berrange wrote: >> This patch provides the ability to configure what authentication mechanism >> is used on each socket - UNIX RW, UNIX RO, TCP, and TLS sockets - all can >> have independant settings. By default the UNIX & TLS sockets have no auth, >> and the TCP socket has SASL auth enabled. The /etc/libvirt/libvirtd.conf >> file lets you override these options. >> >> There is also a new sasl_allowed_username_list = ["admin"] config >> param to let you whitelist the users you want to allow. This supports >> use of wildcards. The username is dependnat on the SASL auth mechanism. >> For DIGEST-MD5 it will be plain usernames, for Kerberos it will be a >> username + realm, eg admin EXAMPLE COM >> >> After discussion with Rich, I also remove the tls_allowed_ip_list for >> whitelisting source IP addresses. This was a) not protecting us because >> it was only checked after the TLS handshake - thus allowing trivial DOS >> attack b) much easier to handle via tcp wrappers, or IPtables. c) only >> ever checked for the TLS socket d) IP addresses are easily spoofed. >> >> If summary, if you're using a real authentication mechanism, this is >> only useful for protecting against DOS attacks & that's better done by >> iptables. > > Rebased to take account of Jim's changes, and incorporated fixes to the > config file This looks fine. Thanks for preserving my convention of "#var = ..." (no space after '#') in the config file. I have a test that depends on that -- will post it after you commit this change. I find code/diffs easier to read when the lines themselves fit in 80 columns. There are lots of 100+-byte lines here. I know some are generated, but I'll be happy to normalize the others once this is checked in. -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list