]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7b89f85) | patch
Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
authorDaniel P. Berrange <berrange@redhat.com>
Mon, 13 Mar 2017 12:15:57 +0000 (12:15 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Wed, 15 Mar 2017 18:14:51 +0000 (18:14 +0000)
commit3c647ee4bbb25078c0f7cc59a79221ccb7d438f0
tree8ef1bd35bdd3d4ceb2190813b797f6f84fc766dftree
parent7b89f857d9b4ecf4211aaab2922719dcca38c962commit | diff
Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5

RFC 6331 documents a number of serious security weaknesses in
the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
by using it as a default mechanism. GSSAPI is the only other
viable SASL mechanism that can provide secure session encryption
so enable that by defalt as the replacement.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
daemon/libvirtd.sasl diff | blob | blame | history
docs/auth.html.in diff | blob | blame | history
libvirt.spec.in diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git