On Wed, Dec 14, 2011 at 09:27:51AM -0500, Dave Allan wrote: > On Wed, Dec 14, 2011 at 09:13:32AM +0000, Daniel P. Berrange wrote: > > On Tue, Dec 13, 2011 at 10:57:25PM -0500, Dave Allan wrote: > > > I was playing with SASL authentication a bit today and I wasn't able > > > to get libvirt to authenticate against PAM (or anything else except > > > the sasldb, although I didn't try Kerberos). Does anybody know off > > > the top of their head what mechanisms/password check options work? > > > I'm trying to figure out if I'm attempting the impossible. > > > > If you are configuring SASL for the tcp socket it will refuse to use > > SASL mechanisms which do not support encryption, which is all of them > > except Kerberos or Digest-MD5. > > > > If you are configuring SASL for the TLS socket it will allow any > > SASL mechanism, since TLS provides the encryption > > Ah, I left out the most salient detail: I was trying it on the unix rw > socket. libvirtd.conf says "For non-TCP or TLS sockets, any scheme is > allowed." The way I read that, I'd expect any scheme to work with the > unix rw socket, is that right? It should allow any scheme with UNIX sockets, but I doubt we've tested that to make sure Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
