File:  [Qemu by Fabrice Bellard] / qemu / qemu.sasl
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs
Tue Apr 24 17:20:53 2018 UTC (3 years, 1 month ago) by root
Branches: qemu, MAIN
CVS tags: qemu1101, qemu1001, qemu1000, qemu0151, qemu0150, qemu0141, qemu0140, qemu0130, qemu0125, qemu0124, qemu0123, qemu0122, qemu0121, qemu0120, qemu0111, qemu0110, HEAD
qemu 0.11.0

    1: # If you want to use the non-TLS socket, then you *must* include
    2: # the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
    3: # ones that can offer session encryption as well as authentication.
    4: #
    5: # If you're only using TLS, then you can turn on any mechanisms
    6: # you like for authentication, because TLS provides the encryption
    7: #
    8: # Default to a simple username+password mechanism
    9: # NB digest-md5 is no longer considered secure by current standards
   10: mech_list: digest-md5
   11: 
   12: # Before you can use GSSAPI, you need a service principle on the
   13: # KDC server for libvirt, and that to be exported to the keytab
   14: # file listed below
   15: #mech_list: gssapi
   16: #
   17: # You can also list many mechanisms at once, then the user can choose
   18: # by adding  '?auth=sasl.gssapi' to their libvirt URI, eg
   19: #   qemu+tcp://hostname/system?auth=sasl.gssapi
   20: #mech_list: digest-md5 gssapi
   21: 
   22: # Some older builds of MIT kerberos on Linux ignore this option &
   23: # instead need KRB5_KTNAME env var.
   24: # For modern Linux, and other OS, this should be sufficient
   25: keytab: /etc/qemu/krb5.tab
   26: 
   27: # If using digest-md5 for username/passwds, then this is the file
   28: # containing the passwds. Use 'saslpasswd2 -a qemu [username]'
   29: # to add entries, and 'sasldblistusers2 -a qemu' to browse it
   30: sasldb_path: /etc/qemu/passwd.db
   31: 
   32: 
   33: auxprop_plugin: sasldb
   34: 

unix.superglobalmegacorp.com