On Wed, Dec 14, 2011 at 09:27:51AM -0500, Dave Allan wrote:
On Wed, Dec 14, 2011 at 09:13:32AM +0000, Daniel P. Berrange wrote:
On Tue, Dec 13, 2011 at 10:57:25PM -0500, Dave Allan wrote:
I was playing with SASL authentication a bit today and I wasn't able to get libvirt to authenticate against PAM (or anything else except the sasldb, although I didn't try Kerberos). Does anybody know off the top of their head what mechanisms/password check options work? I'm trying to figure out if I'm attempting the impossible.
If you are configuring SASL for the tcp socket it will refuse to use SASL mechanisms which do not support encryption, which is all of them except Kerberos or Digest-MD5.
If you are configuring SASL for the TLS socket it will allow any SASL mechanism, since TLS provides the encryption
Ah, I left out the most salient detail: I was trying it on the unix rw socket. libvirtd.conf says "For non-TCP or TLS sockets, any scheme is allowed." The way I read that, I'd expect any scheme to work with the unix rw socket, is that right?
It should allow any scheme with UNIX sockets, but I doubt we've tested that to make sure Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|