2017-03-15 12:53:22 +01:00
|
|
|
# If you want to use VNC remotely without TLS, then you *must*
|
|
|
|
# pick a mechanism which provides session encryption as well
|
|
|
|
# as authentication.
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
#
|
2017-03-15 12:53:22 +01:00
|
|
|
# If you are only using TLS, then you can turn on any mechanisms
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
# you like for authentication, because TLS provides the encryption
|
|
|
|
#
|
2017-03-15 12:53:22 +01:00
|
|
|
# If you are only using UNIX sockets then encryption is not
|
|
|
|
# required at all.
|
|
|
|
#
|
|
|
|
# NB, previously DIGEST-MD5 was set as the default mechanism for
|
|
|
|
# QEMU VNC. Per RFC 6331 this is vulnerable to many serious security
|
|
|
|
# flaws as should no longer be used. Thus GSSAPI is now the default.
|
|
|
|
#
|
|
|
|
# To use GSSAPI requires that a QEMU service principal is
|
|
|
|
# added to the Kerberos server for each host running QEMU.
|
|
|
|
# This principal needs to be exported to the keytab file listed below
|
|
|
|
mech_list: gssapi
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
|
2017-03-15 12:53:22 +01:00
|
|
|
# If using TLS with VNC, or a UNIX socket only, it is possible to
|
|
|
|
# enable plugins which don't provide session encryption. The
|
2021-03-04 19:14:26 +01:00
|
|
|
# 'scram-sha-256' plugin allows plain username/password authentication
|
2017-03-15 12:53:22 +01:00
|
|
|
# to be performed
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
#
|
2021-03-04 19:14:26 +01:00
|
|
|
#mech_list: scram-sha-256
|
2017-03-15 12:53:22 +01:00
|
|
|
|
|
|
|
# You can also list many mechanisms at once, and the VNC server will
|
|
|
|
# negotiate which to use by considering the list enabled on the VNC
|
|
|
|
# client.
|
2021-03-04 19:14:26 +01:00
|
|
|
#mech_list: scram-sha-256 gssapi
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
|
2017-03-15 12:53:22 +01:00
|
|
|
# This file needs to be populated with the service principal that
|
|
|
|
# was created on the Kerberos v5 server. If switching to a non-gssapi
|
|
|
|
# mechanism this can be commented out.
|
|
|
|
keytab: /etc/qemu/krb5.tab
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
|
2021-03-04 19:14:26 +01:00
|
|
|
# If using scram-sha-256 for username/passwds, then this is the file
|
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 21:27:28 +01:00
|
|
|
# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
|
2021-03-04 19:14:26 +01:00
|
|
|
# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it.
|
|
|
|
# Note that this file stores passwords in clear text.
|
2017-03-15 12:53:22 +01:00
|
|
|
#sasldb_path: /etc/qemu/passwd.db
|