
"Daniel P. Berrange" <berrange@redhat.com> wrote:
On Thu, Nov 29, 2007 at 05:18:06PM +0000, Daniel P. Berrange wrote:
This patch provides the ability to configure what authentication mechanism is used on each socket - UNIX RW, UNIX RO, TCP, and TLS sockets - all can have independent settings. By default the UNIX & TLS sockets have no auth, and the TCP socket has SASL auth enabled. The /etc/libvirt/libvirtd.conf file lets you override these options.
There is also a new sasl_allowed_username_list = ["admin"] config param to let you whitelist the users you want to allow. This supports use of wildcards. The username is dependent on the SASL auth mechanism. For DIGEST-MD5 it will be plain usernames, for Kerberos it will be a username + realm, e.g. admin@EXAMPLE.COM
After discussion with Rich, I also remove the tls_allowed_ip_list for whitelisting source IP addresses. This was a) not protecting us because it was only checked after the TLS handshake - thus allowing a trivial DOS attack, b) much easier to handle via tcp wrappers, or IPtables, c) only ever checked for the TLS socket, d) IP addresses are easily spoofed.
In summary, if you're using a real authentication mechanism, this is only useful for protecting against DOS attacks & that's better done by iptables.
Rebased to take account of Jim's changes, and incorporated fixes to the config file
This looks fine. Thanks for preserving my convention of "#var = ..." (no space after '#') in the config file. I have a test that depends on that -- will post it after you commit this change. I find code/diffs easier to read when the lines themselves fit in 80 columns. There are lots of 100+-byte lines here. I know some are generated, but I'll be happy to normalize the others once this is checked in.
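
The wildcard username whitelist described in the quoted patch mail, as an added example that is not part of the original thread and not libvirt's own code. It assumes glob matching with fnmatch(3); the helper name `sasl_username_allowed`, the sample lists and the "no list means no restriction" behaviour are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not libvirt code): returns 1 when `username`
 * matches any glob pattern in the NULL-terminated `allowed` list. */
static int sasl_username_allowed(const char *username,
                                 const char *const *allowed)
{
    if (username == NULL || *username == '\0')
        return 0;   /* no authenticated identity: deny */
    if (allowed == NULL)
        return 1;   /* assumption: no list configured means no restriction */
    for (size_t i = 0; allowed[i] != NULL; i++) {
        /* flags = 0: '*' matches any run of characters, case-sensitive */
        if (fnmatch(allowed[i], username, 0) == 0)
            return 1;
    }
    return 0;
}

/* Constructed sample whitelists. */
static const char *const exact_list[] = { "admin", NULL };
static const char *const realm_list[] = { "admin@EXAMPLE.COM", "*@OPS.EXAMPLE.COM", NULL };
static const char *const loose_list[] = { "admin*", NULL };

int main(void)
{
    /* Constructed identities as a SASL mechanism might report them. */
    const char *names[] = { "admin", "admin@EXAMPLE.COM", "alice@OPS.EXAMPLE.COM",
                            "admin@example.com", "administrator", "admin@OTHER.REALM" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-24s exact=%d realm=%d loose=%d\n", names[i],
               sasl_username_allowed(names[i], exact_list),
               sasl_username_allowed(names[i], realm_list),
               sasl_username_allowed(names[i], loose_list));
    return 0;
}
```

A plain entry such as "admin" stops matching once the mechanism reports username + realm, and a loose pattern such as "admin*" also admits "administrator" and an "admin" principal from any other realm, so patterns are best anchored on the full realm.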