Re: [libvirt] tls_allowed_ip_list?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 03, 2009 at 09:13:14AM +0100, Chris Lalancette wrote:
> All,
>      While doing testing on TLS, I came across the mention of
> "tls_allowed_ip_list" in the website documentation, here:
> 
> http://libvirt.org/remote.html#Remote_libvirtd_configuration
> 
> However, I don't see any implementation of the tls_allowed_ip_list in libvirt
> itself; a grep through the sources show that we are implementing
> "tls_allowed_dn_list", but not "tls_allowed_ip_list".  Am I missing something in
> the sources?  Should we update the libvirt.org documentation and remove that
> (seemingly non-existent) parameter?  Or should I go in and implement the
> "tls_allowed_ip_list"?

That functionality was removed because it is utterly worthless as an
access control feature, and if you want to block rogue IP (ranges) you
can do it in iptables far more efficiently & flexibly anyway. The
docs just need to be removed

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]