Re: [libvirt] [PATCH] Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5

RFC 6331 documents a number of serious security weaknesses in the SASL DIGEST-MD5 mechanism. As such, libvirtd should not by using it as a default mechanism. GSSAPI is the only other viable SASL mechanism that can provide secure session encryption so enable that by defalt as the replacement. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- daemon/libvirtd.sasl | 44 +++++++++++++++++--------- docs/auth.html.in | 89 +++++++++++++++++++++++++++++++++++++++++----------- libvirt.spec.in | 6 ++-- 3 files changed, 102 insertions(+), 37 deletions(-)