13 Mar
2017
13 Mar
'17
9:54 a.m.
On 03/13/2017 01:51 PM, Daniel P. Berrange wrote:
RFC 6331 documents a number of serious security weaknesses in the SASL DIGEST-MD5 mechanism. As such, libvirtd should not by using it as a default mechanism. GSSAPI is the only other viable SASL mechanism that can provide secure session encryption so enable that by defalt as the replacement.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- daemon/libvirtd.sasl | 44 +++++++++++++++++--------- docs/auth.html.in | 89 +++++++++++++++++++++++++++++++++++++++++----------- libvirt.spec.in | 6 ++-- 3 files changed, 102 insertions(+), 37 deletions(-)
ACK Michal