1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-23 21:34:54 +03:00
libvirt/daemon/libvirtd.sasl
Daniel P. Berrange 5c2a1ae876 Rename qemud/ directory to daemon/
* qemud/: Rename to daemon/
* Makefile.am, configure.in, src/Makefile.am, src/remote_internal.c,
  tests/Makefile.am, tests/eventtest.c: s/qemud/daemon/ where needed
2009-09-21 14:41:42 +01:00

29 lines
1.1 KiB
Plaintext

# If you want to use the non-TLS socket, then you *must* include
# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
# ones that can offer session encryption as well as authentication.
#
# If you're only using TLS, then you can turn on any mechanisms
# you like for authentication, because TLS provides the encryption
#
# Default to a simple username+password mechanism
mech_list: digest-md5
# Before you can use GSSAPI, you need a service principle on the
# KDC server for libvirt, and that to be exported to the keytab
# file listed below
#mech_list: gssapi
#
# You can also list many mechanisms at once, then the user can choose
# by adding '?auth=sasl.gssapi' to their libvirt URI, eg
# qemu+tcp://hostname/system?auth=sasl.gssapi
#mech_list: digest-md5 gssapi
# MIT kerberos ignores this option & needs KRB5_KTNAME env var.
# May be useful for other non-Linux OS though....
keytab: /etc/libvirt/krb5.tab
# If using digest-md5 for username/passwds, then this is the file
# containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
# to add entries, and 'sasldblistusers2 -a libvirt' to browse it
sasldb_path: /etc/libvirt/passwd.db