On Mon, Mar 13, 2017 at 12:51:40PM +0000, Daniel P. Berrange wrote:
RFC 6331 documents a number of serious security weaknesses in
the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
be using it as a default mechanism. GSSAPI is the only other
viable SASL mechanism that can provide secure session encryption
so enable that by default as the replacement.
diff --git a/daemon/libvirtd.sasl b/daemon/libvirtd.sasl
index 5e2528d..2be99ef 100644
--- a/daemon/libvirtd.sasl
+++ b/daemon/libvirtd.sasl
+# If you are only using UNIX, sockets then encryption is not
+# required at all.
+#
+# Since SASL is the default for the libvirtd non-TLS socket, we
+# pick a strong mechanism by default.
+#
+# NB, previously DIGEST-MD5 was set as the default mechanism for
+# libvirt. Per RFC 6331 this is vulnerable to many serious security
+# flaws as should no longer be used. Thus GSSAPI is now the default.
s/as/and/
+#
+# To use GSSAPI requires that a libvirtd service principal is
+# added to the Kerberos server for each host running libvirtd.
+# This principal needs to be exported to the keytab file listed below
+mech_list: gssapi
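Review bot: The new `mech_list: gssapi` line removes DIGEST-MD5 entirely rather than merely demoting it, so any deployment that currently authenticates over the non-TLS TCP listener with DIGEST-MD5 credentials will stop authenticating as soon as this file is installed; the comment block (and the commit message) should say explicitly that the upgrade requires a Kerberos service principal and keytab on every host running libvirtd, and that an operator who cannot deploy Kerberos must move to the TLS listener instead. Two nits in the same comment block: `# If you are only using UNIX, sockets then encryption is not` has a stray comma after UNIX, and `# flaws as should no longer be used.` should read `and should` (as already noted above). The comment also refers to "the keytab file listed below", but no keytab setting is visible in this hunk, so please confirm that line is still present in the file.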
diff --git a/docs/auth.html.in b/docs/auth.html.in
index 08feacc..9f2e317 100644
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -204,16 +204,71 @@ ResultActive=yes</pre>
+Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication
+system using the SASL protocol. SASL can be used in combination with libvirtd's TLS
+or TCP socket listeners. When used with the TCP listener, the SASL mechanism is
+rqeuired to provide session encryption in addition to authentication. Only a very
+few SASL mechanisms are able todo this, and of those that can do it, only the
s/todo/to do/
+GSSAPI plugin is considered acceptably secure by modern standards:
+ </p>
+
+ <dl>
+ <dt>GSSAPI</dt>
+ <dd><strong>This is the current default mechanism to use with
libvirtd</strong>.
+ It uses the Kerberos v5 authentication protocol underneath, and assuming
+ the Kerberos client/server are configured with modern ciphers (AES),
+ it provides strong session encryption capabilities.</dd>
+
+ <dt>DIGEST-MD5</dt>
+ <dd>This was previously set as the default mechanism to use with libvirtd.
+ It provides a simple username/password based authentication mechanism
+ that includes session encryption.
+ <a
href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>,
however,
+ documents a number of serious security flaws with DIGEST-MD5 and as a
+ result marks it as <code>OBSOLETE</code>. Specific concerns are that
+ it is vulnerable to MITM attacks and the MD5 hash can be brute-forced
+ to reveal the password. A replacement is provided via the SCRAM mechanism,
+ however, note that this is does not provide encryption, so the SCRAM
s/is //
+ mechanism can only be used on the libvirtd TLS listener.
+ </dd>
+
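Review bot: Typo on the line `+rqeuired to provide session encryption in addition to authentication.`: `rqeuired` should be `required`. Beyond the typos already flagged, the DIGEST-MD5 entry explains why the mechanism is obsolete but never tells an administrator who currently relies on it over the TCP listener what to do; since the same paragraph states that SCRAM provides no encryption and can only be used on the TLS listener, add one sentence saying such users must either configure GSSAPI with Kerberos or switch to the TLS listener and use SCRAM there. Also, `<a` and `href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>,` are split across two lines and `libvirtd</strong>.` sits on a line of its own; this may only be mail wrapping, but please check the HTML in the actual patch is intact.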
Jan