Re: [Libvir] PATCH: 3/10: auth configuration support
"Daniel P. Berrange" <berrange(a)redhat.com> wrote:
On Thu, Nov 29, 2007 at 05:18:06PM +0000, Daniel P. Berrange wrote:
> This patch provides the ability to configure what authentication mechanism
> is used on each socket - UNIX RW, UNIX RO, TCP, and TLS sockets - all can
> have independant settings. By default the UNIX & TLS sockets have no auth,
> and the TCP socket has SASL auth enabled. The /etc/libvirt/libvirtd.conf
> file lets you override these options.
>
> There is also a new sasl_allowed_username_list = ["admin"] config
> param to let you whitelist the users you want to allow. This supports
> use of wildcards. The username is dependnat on the SASL auth mechanism.
> For DIGEST-MD5 it will be plain usernames, for Kerberos it will be a
> username + realm, eg admin EXAMPLE COM
>
> After discussion with Rich, I also remove the tls_allowed_ip_list for
> whitelisting source IP addresses. This was a) not protecting us because
> it was only checked after the TLS handshake - thus allowing trivial DOS
> attack b) much easier to handle via tcp wrappers, or IPtables. c) only
> ever checked for the TLS socket d) IP addresses are easily spoofed.
>
> If summary, if you're using a real authentication mechanism, this is
> only useful for protecting against DOS attacks & that's better done by
> iptables.
Rebased to take account of Jim's changes, and incorporated fixes to the
config file
This looks fine.
Thanks for preserving my convention of "#var = ..." (no space after
'#')
in the config file. I have a test that depends on that -- will post it
after you commit this change.
I find code/diffs easier to read when the lines themselves fit in 80 columns.
There are lots of 100+-byte lines here. I know some are generated, but
I'll be happy to normalize the others once this is checked in.