diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-06-14 15:59:13 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-06-14 15:59:13 +0100 |
| commit | 1ea06abceec61b6f3ab33dadb0510b6e09fb61e2 (patch) | |
| tree | 4b76a98d9104f81de9d8b337e470eacd1e04dfe5 /qemu.sasl | |
| parent | fbe7919ecee8d525ccd107027d73d877cd4eccc4 (diff) | |
| parent | 970bc16f60937bcfd334f14c614bd4407c247961 (diff) | |
| download | focaccia-qemu-1ea06abceec61b6f3ab33dadb0510b6e09fb61e2.tar.gz focaccia-qemu-1ea06abceec61b6f3ab33dadb0510b6e09fb61e2.zip | |
Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-fixes-pull-request' into staging
Merge misc patches # gpg: Signature made Mon 14 Jun 2021 15:14:48 BST # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-fixes-pull-request: usb/dev-mtp: use GDateTime for formatting timestamp for objects block: use GDateTime for formatting timestamp when dumping snapshot info migration: use GDateTime for formatting timestamp in snapshot names block: remove duplicate trace.h include block: add trace point when fdatasync fails block: preserve errno from fdatasync failures softmmu: add trace point when bdrv_flush_all fails migration: add trace point when vm_stop_force_state fails sasl: remove comment about obsolete kerberos versions docs: recommend SCRAM-SHA-256 SASL mech instead of SHA-1 variant docs: document usage of the authorization framework docs: document how to pass secret data to QEMU docs: add table of contents to QAPI references Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qemu.sasl')
| -rw-r--r-- | qemu.sasl | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/qemu.sasl b/qemu.sasl index fb8a92ba58..851acc7e8f 100644 --- a/qemu.sasl +++ b/qemu.sasl @@ -19,26 +19,23 @@ mech_list: gssapi # If using TLS with VNC, or a UNIX socket only, it is possible to # enable plugins which don't provide session encryption. The -# 'scram-sha-1' plugin allows plain username/password authentication +# 'scram-sha-256' plugin allows plain username/password authentication # to be performed # -#mech_list: scram-sha-1 +#mech_list: scram-sha-256 # You can also list many mechanisms at once, and the VNC server will # negotiate which to use by considering the list enabled on the VNC # client. -#mech_list: scram-sha-1 gssapi +#mech_list: scram-sha-256 gssapi -# Some older builds of MIT kerberos on Linux ignore this option & -# instead need KRB5_KTNAME env var. -# For modern Linux, and other OS, this should be sufficient -# # This file needs to be populated with the service principal that # was created on the Kerberos v5 server. If switching to a non-gssapi # mechanism this can be commented out. keytab: /etc/qemu/krb5.tab -# If using scram-sha-1 for username/passwds, then this is the file +# If using scram-sha-256 for username/passwds, then this is the file # containing the passwds. Use 'saslpasswd2 -a qemu [username]' -# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it +# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it. +# Note that this file stores passwords in clear text. #sasldb_path: /etc/qemu/passwd.db |