virt-ark / libvirt

Clone
Source Code
GIT

3c647ee Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5

Authored and Committed by berrange 7 years ago
raw patch tree parent
3 files changed. 103 lines added. 37 lines removed.
daemon/libvirtd.sasl
file modified
+29 -15
docs/auth.html.in
file modified
+71 -19
libvirt.spec.in
file modified
+3 -3 
    Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
    
    RFC 6331 documents a number of serious security weaknesses in
    the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
    by using it as a default mechanism. GSSAPI is the only other
    viable SASL mechanism that can provide secure session encryption
    so enable that by defalt as the replacement.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
file modified
+29 -15
file modified
+71 -19
file modified
+3 -3
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.