On Mon, Mar 08, 2021 at 10:41:55AM +0000, Daniel P. Berrangé wrote:
On Fri, Mar 05, 2021 at 08:02:49AM +0100, Erik Skultety wrote:
On Thu, Mar 04, 2021 at 06:10:11PM +0000, Daniel P. Berrangé wrote:
GSSAPI and SCRAM-SHA-256 are the only two SASL mechanisms we especially want people to be using. Even the latter is a little questionable due to storing passwords in cleartext on the server.
At what point of the SCRAM-SHA-256 auth process is password handled as clear text? I mean I tried to look up the issue you mention and couldn't find anything, quite the contrary, e.g. Postgres says SCRAM-SHA-256 is the only recommended scheme for password-based auth and storing passwords in clear text is not possible. Isn't it kind of the point that passwords are never stored in clear text with this scheme?
You can clearly see the passwd in clear text in the file
Add a new user
$ echo "fish food" | saslpasswd2 -a libvirt demo
Look for the password:
$ strings /etc/libvirt/passwd.db | grep fish fish food
The actual mechanism protocol does send in clear text over the wire. The storage in clear text on the server side is simply a choice of the cyrus-sasl impl of this mechanism documented here:
https://www.cyrusimap.org/sasl/sasl/faqs/plaintextpasswords.html
So if this is the case, why are we even bothering promoting an insecure solution, why not promote only GSSAPI for the reasons given? Backcompat? Erik