2007-12-05 18:21:04 +00:00
|
|
|
# If you want to use the non-TLS socket, then you *must* include
|
2008-02-05 19:27:37 +00:00
|
|
|
# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
|
2007-12-05 18:21:04 +00:00
|
|
|
# ones that can offer session encryption as well as authentication.
|
|
|
|
#
|
|
|
|
# If you're only using TLS, then you can turn on any mechanisms
|
|
|
|
# you like for authentication, because TLS provides the encryption
|
|
|
|
#
|
|
|
|
# Default to a simple username+password mechanism
|
|
|
|
mech_list: digest-md5
|
|
|
|
|
|
|
|
# Before you can use GSSAPI, you need a service principle on the
|
|
|
|
# KDC server for libvirt, and that to be exported to the keytab
|
|
|
|
# file listed below
|
|
|
|
#mech_list: gssapi
|
|
|
|
#
|
|
|
|
# You can also list many mechanisms at once, then the user can choose
|
|
|
|
# by adding '?auth=sasl.gssapi' to their libvirt URI, eg
|
|
|
|
# qemu+tcp://hostname/system?auth=sasl.gssapi
|
|
|
|
#mech_list: digest-md5 gssapi
|
|
|
|
|
2012-10-20 18:10:03 +00:00
|
|
|
# Some older builds of MIT kerberos on Linux ignore this option &
|
|
|
|
# instead need KRB5_KTNAME env var.
|
|
|
|
# For modern Linux, and other OS, this should be sufficient
|
|
|
|
#
|
|
|
|
# There is no default value here, uncomment if you need this
|
|
|
|
#keytab: /etc/libvirt/krb5.tab
|
2007-12-05 18:21:04 +00:00
|
|
|
|
|
|
|
# If using digest-md5 for username/passwds, then this is the file
|
|
|
|
# containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
|
2013-07-09 14:01:55 +00:00
|
|
|
# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it
|
2007-12-05 18:21:04 +00:00
|
|
|
sasldb_path: /etc/libvirt/passwd.db
|