On Fri, Mar 05, 2021 at 08:02:49AM +0100, Erik Skultety wrote:
> On Thu, Mar 04, 2021 at 06:10:11PM +0000, Daniel P. Berrangé wrote:
> > GSSAPI and SCRAM-SHA-256 are the only two SASL mechanisms we
> > especially want people to be using. Even the latter is a little
> > questionable due to storing passwords in cleartext on the server.
>
> At what point of the SCRAM-SHA-256 auth process is the password handled as clear
> text? I mean I tried to look up the issue you mention and couldn't find
> anything, quite the contrary, e.g. Postgres says SCRAM-SHA-256 is the only
> recommended scheme for password-based auth and storing passwords in clear text
> is not possible. Isn't it kind of the point that passwords are never stored in
> clear text with this scheme?
You can clearly see the passwd in clear text in the file.

Add a new user (-p makes saslpasswd2 read the password from stdin instead of prompting on the tty):

$ echo "fish food" | saslpasswd2 -p -a libvirt demo

Look for the password:

$ strings /etc/libvirt/passwd.db | grep fish
fish food
The actual mechanism protocol does send in clear text over the wire.
The storage in clear text on the server side is simply a choice of the
cyrus-sasl impl of this mechanism documented here:
https://www.cyrusimap.org/sasl/sasl/faqs/plaintextpasswords.html
Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
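To make concrete what the SCRAM-SHA-256 mechanism itself requires a server to hold, the following is an added Python example; it is not code from libvirt, cyrus-sasl or anyone in this thread. It walks through the four messages of RFC 5802 / RFC 7677 for a user whose server-side record contains only salt, iteration count, StoredKey and ServerKey. The user name "demo", the password "fish food", the salt and the fixed nonces are constructed values chosen to match the commands above; the helper names are this example's own.

```python
"""SCRAM-SHA-256 (RFC 5802 / RFC 7677) exchange in which the server holds only
salt, iteration count, StoredKey and ServerKey, never the cleartext password.
Added example; not code from libvirt, cyrus-sasl or the mailing-list thread."""
import base64
import hashlib
import hmac
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def make_verifier(password: str, salt: bytes, iterations: int = 4096) -> dict:
    """Derive the per-user record a SCRAM server stores (RFC 5802 section 3).

    SaltedPassword = PBKDF2-HMAC-SHA-256(password, salt, i)
    StoredKey      = H(HMAC(SaltedPassword, "Client Key"))
    ServerKey      = HMAC(SaltedPassword, "Server Key")
    SaltedPassword and ClientKey are discarded; the password can only be recovered
    from the record by a dictionary attack against the PBKDF2 derivation.
    """
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": _h(_hmac(salted, b"Client Key")),
            "server_key": _hmac(salted, b"Server Key")}


def scram_exchange(username: str, password: str, verifier: dict,
                   client_nonce: str = "", server_nonce: str = "") -> dict:
    """Run the four SCRAM messages. The client side uses `password`; the server
    side uses only `verifier`. Returns both verdicts plus the wire messages."""
    client_nonce = client_nonce or secrets.token_urlsafe(18)
    server_nonce = server_nonce or secrets.token_urlsafe(18)

    # 1. client-first-message: gs2-header "n,," (no channel binding) + bare part.
    #    Usernames containing ',' or '=' would need RFC 5802 escaping; omitted here.
    client_first_bare = f"n={username},r={client_nonce}"
    client_first = "n,," + client_first_bare

    # 2. server-first-message: combined nonce plus the stored salt and iteration count.
    nonce = client_nonce + server_nonce
    server_first = f"r={nonce},s={_b64(verifier['salt'])},i={verifier['iterations']}"

    # 3. client-final-message: the client re-derives its keys from the password and
    #    the server's salt/iterations, then sends ClientProof, not the password.
    fields = dict(f.split("=", 1) for f in server_first.split(","))
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 base64.b64decode(fields["s"]), int(fields["i"]))
    client_key = _hmac(salted, b"Client Key")
    client_final_bare = f"c={_b64(b'n,,')},r={fields['r']}"  # c=biws is base64("n,,")
    auth_message = f"{client_first_bare},{server_first},{client_final_bare}".encode()
    client_proof = _xor(client_key, _hmac(_h(client_key), auth_message))
    client_final = f"{client_final_bare},p={_b64(client_proof)}"

    # Server side: rebuild AuthMessage from the wire, undo the XOR with
    # HMAC(StoredKey, AuthMessage) to recover ClientKey, then check H(ClientKey).
    srv_final_bare, srv_proof_b64 = client_final.rsplit(",p=", 1)
    srv_auth = f"{client_first[3:]},{server_first},{srv_final_bare}".encode()
    recovered = _xor(base64.b64decode(srv_proof_b64), _hmac(verifier["stored_key"], srv_auth))
    client_ok = hmac.compare_digest(_h(recovered), verifier["stored_key"])

    # 4. server-final-message: ServerSignature proves the server knows ServerKey.
    #    (A real server sends e=invalid-proof instead when client_ok is False.)
    server_final = f"v={_b64(_hmac(verifier['server_key'], srv_auth))}"

    # Client verifies the server with its own ServerKey derivation.
    expected = _hmac(_hmac(salted, b"Server Key"), auth_message)
    server_ok = hmac.compare_digest(base64.b64decode(server_final[2:]), expected)

    return {"client_ok": client_ok, "server_ok": server_ok,
            "messages": [client_first, server_first, client_final, server_final]}


def password_appears(password: str, verifier: dict, messages: list) -> bool:
    """True if the cleartext password occurs in the stored record or on the wire."""
    blobs = [v if isinstance(v, bytes) else str(v).encode() for v in verifier.values()]
    blobs += [m.encode() for m in messages]
    return any(password.encode() in b for b in blobs)


if __name__ == "__main__":
    # Constructed demo values matching the saslpasswd2 example in the thread.
    record = make_verifier("fish food", salt=b"constructed-salt")
    result = scram_exchange("demo", "fish food", record)
    for msg in result["messages"]:
        print(msg)
    print("client ok:", result["client_ok"], "server ok:", result["server_ok"])
    print("password visible anywhere:", password_appears("fish food", record, result["messages"]))
```

Running the script prints the four messages; none of them, and no field of the stored record, contains the password, and a client using a wrong password fails verification on both sides. Whether a particular SASL implementation keeps the cleartext password in its database rather than only these derived values is a separate storage decision, which is the distinction the reply above draws between the mechanism and the cyrus-sasl sasldb.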