On Fri, Jul 05, 2019 at 12:46:44PM +0200, Sahid Orentino Ferdjaoui wrote: > On Fri, Jul 05, 2019 at 09:55:37AM +0100, Daniel P. Berrangé wrote: > > On Thu, Jul 04, 2019 at 12:15:28PM +0200, Sahid Orentino Ferdjaoui wrote: > > > Not sure what the problem is by using 'scram-sha-1' with ubuntu: > > > > > > cannot list SASL mechanisms -4 (SASL(-4): no mechanism available: > > > Internal Error -4 in ../../lib/server.c near line 1762) > > > > For some strange reason Debian decided to put the scram plugin > > in the libsasl2-modules-gssapi-mit package so i expect you're > > missing that in the test env. > > I tried but that does not work either. Also with > libsasl2-modules-gssapi-heimda. > > > > So we currently switch the mech to digest-md5. Seems that libvirt-go > > > is doing same. > > > > That's a historical accident, not good practice ! > > I reported the issue in ubuntu [0] and it looks like it's actually > libvirt which does not support it without TLS. Oh yes, I missed that you're not using TLS here. the scram-sha-1 auth requires an external encryption layer, while digest-md5 includes (broken) encryption. > So I imagine digest-md5 is fine for the purpose of testing. It is horribly insecure, but yes it is fine for testing. So for this patch Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
