qemu/qemu.sasl
<<
>>
Prefs 
   1# If you want to use the non-TLS socket, then you *must* include
   2# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
   3# ones that can offer session encryption as well as authentication.
   4#
   5# If you're only using TLS, then you can turn on any mechanisms
   6# you like for authentication, because TLS provides the encryption
   7#
   8# Default to a simple username+password mechanism
   9# NB digest-md5 is no longer considered secure by current standards
  10mech_list: digest-md5
  11
  12# Before you can use GSSAPI, you need a service principle on the
  13# KDC server for libvirt, and that to be exported to the keytab
  14# file listed below
  15#mech_list: gssapi
  16#
  17# You can also list many mechanisms at once, then the user can choose
  18# by adding  '?auth=sasl.gssapi' to their libvirt URI, eg
  19#   qemu+tcp://hostname/system?auth=sasl.gssapi
  20#mech_list: digest-md5 gssapi
  21
  22# Some older builds of MIT kerberos on Linux ignore this option &
  23# instead need KRB5_KTNAME env var.
  24# For modern Linux, and other OS, this should be sufficient
  25keytab: /etc/qemu/krb5.tab
  26
  27# If using digest-md5 for username/passwds, then this is the file
  28# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
  29# to add entries, and 'sasldblistusers2 -a qemu' to browse it
  30sasldb_path: /etc/qemu/passwd.db
  31
  32
  33auxprop_plugin: sasldb
  34
  35
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.