SNI extensions.
Are there maybe other big differences in tls implementation in libvirt or
maybe some assumptions that are taken during tls handhake process?
пн, 10 дек. 2018 г. в 13:25, Daniel P. Berrangé :
> On Mon, Dec 10, 2018 at 01:22:32PM +0300, Anastasiya Ruzhanskaya wrote:
> >
before generating libvirt's client and server certificates?
пн, 10 дек. 2018 г. в 13:11, Daniel P. Berrangé :
> Re-adding the libvirt-users list - please don't take discussions off-list.
>
> On Mon, Dec 10, 2018 at 01:10:18PM +0300, Anastasiya Ruzhanskaya wrote:
> > I alr
And how I can tell libvirt to trust multiple CAs?
сб, 8 дек. 2018 г. в 11:19, Anastasiya Ruzhanskaya <
anastasiya.ruzhansk...@frtk.ru>:
> Hello!
> Does libvirt uses certificate pinning in tls? I want to setup a
> transparent proxy (mitmproxy) and can't do this even after I
Hello!
Does libvirt uses certificate pinning in tls? I want to setup a transparent
proxy (mitmproxy) and can't do this even after I added mitmproxy ca
certificate to the trusted certificates in ubuntu.
___
libvirt-users mailing list
libvirt-users@redhat.c
Hello everyone,
I am trying to set up sasl authentication in virt-manager. I read in one
existing bug, that it is better to use tls for encryption and sasl for
authentication, but not use sasl for both.
I configured tls, it was fine. Then I created a user "u" on server and
modified libvirtd.conf
Hello everyone,
I am trying to set up sasl authentication in virt-manager. I read in one
existing bug, that it is better to use tls for encryption and sasl for
authentication, but not use sasl for both.
I configured tls, it was fine. Then I created a user "u" on server and
modified libvirtd.conf
Hello everyone,
I am trying to set up sasl authentication in virt-manager. I read in one
existing bug, that it is better to use tls for encryption and sasl for
authentication, but not use sasl for both.
I configured tls, it was fine. Then I created a user "u" on server and
modified libvirtd.conf
Hello everyone!
I am trying without any success to decipher traffic from client to server
in virt-manager in wireshark, but I don't know the sessioon key there, so
seems no chance to do this.
This is why I want to ask, is any info related to the certificate sent
through the connection? Or if I us
(gssapi)
- it becomes harder to decrypt. Where should I look to find out how libvirt
does this decryption when sasl is used?
чт, 22 нояб. 2018 г. в 12:31, Jiri Denemark :
> On Thu, Nov 22, 2018 at 09:58:41 +0300, Anastasiya Ruzhanskaya wrote:
> > Hello!
> > I was investigating lib
Hello!
I was investigating libvirt a year ago regarding it's remote control. I
figured out necessary settings for configuring remote control in ubuntu
(setting flags in libvirt setting files). Now I have several questions:
1) Are these flags the same for Centos?
They did not worked for me.
My flag
ey used somehow in the sent packets?
ср, 9 мая 2018 г. в 11:27, Daniel P. Berrangé :
> On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote:
> > Ok, excuse me for misunderstanding, how it is possible then to set up
> > access control when I use remote connecti
string fields in RPC message, simply login = <...> inside message). Why
this (assume that it is possible to implement this for everyone) will not
work?
2018-05-14 12:25 GMT+03:00 Daniel P. Berrangé :
> On Sat, May 12, 2018 at 11:36:08AM +0300, Anastasiya Ruzhanskaya wrote:
> > I
GMT+03:00 Daniel P. Berrangé :
> On Fri, May 11, 2018 at 04:26:36PM +0300, Anastasiya Ruzhanskaya wrote:
> > Excuse me for renewing this discussion, but I am curious if you would add
> > new module, which will be able to process users not based on unix
> > processes, from where
P. Berrangé :
> On Fri, May 11, 2018 at 04:26:36PM +0300, Anastasiya Ruzhanskaya wrote:
> > Excuse me for renewing this discussion, but I am curious if you would add
> > new module, which will be able to process users not based on unix
> > processes, from where do you pl
, none of the usernames reach libvirt through the communication
between server and nodes.
2018-05-09 14:46 GMT+03:00 Anastasiya Ruzhanskaya <
anastasiya.ruzhansk...@frtk.ru>:
> Great, thanks for pointing this out. I will certainly look at it.
>
> 2018-05-09 14:41 GMT+03:00 Dan
Great, thanks for pointing this out. I will certainly look at it.
2018-05-09 14:41 GMT+03:00 Daniel P. Berrangé :
> On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote:
> > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote:
> > > Here h
sVirt is the right thing I should look at.
2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé :
> On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote:
> > Ok, excuse me for misunderstanding, how it is possible then to set up
> > access control when I use remote connecti
018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote:
> > I read this page https://libvirt.org/aclpolkit.html
> > And it is written :"At this point in time, the only attribute provided by
> > libvirt to identify the user invoking the operation is the PID of the
> > cli
ns to libvirt are restricted to its UNIX domain socket."
2018-05-09 11:00 GMT+03:00 Daniel P. Berrangé :
> On Wed, May 09, 2018 at 09:46:28AM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello!
> > According to the documentation access control drivers are not in really
> > &quo
Hello!
According to the documentation access control drivers are not in really
"good condition". There is a polkit, but it can distinguish users only
according the pid. However, I have met some articles about more
fine-grained control and about selinux drivers for libvirt? So, what is the
status no
Hello!
Where I can get maybe a tutorial or smth like this about how to use SELinux
with libvirt?
___
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
And also I heard that there is support of a SElinux driver..
2018-05-07 12:41 GMT+03:00 Anastasiya Ruzhanskaya <
anastasiya.ruzhansk...@frtk.ru>:
> Hi, I wanted just to ask an additional question to that:
> how then here in the polkit documentation you distinguish users?:
>
>
Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello everyone,
> > I have a question about logging. I need to find out whether it is
> possible
> > to see user id/session id inside logs or somewhere else. It is not passed
> > in structured across
Hello everyone,
I have a question about logging. I need to find out whether it is possible
to see user id/session id inside logs or somewhere else. It is not passed
in structured across the network, so where should I look to find out, which
user (which session) is currently performing the actions?
I also wanted to know,
where the information about current session is sent?
In which structures ( I actually didn't find this in code)?
Is it appended to every sent procedure or not? Or maybe libvirt checks in
some other way ?
Thank you.
2017-12-10 20:57 GMT+01:00 Anastasiya Ruzhan
Hello,
I am currently trying to install certificates for tls. By this time I have
got some questions:
1) Is documentation in the web docs up-to-date regarding tls server,
client, ca certificates? (actually I have some problems, but maybe this is
due to smth has changed in certtools and was not upda
Hello,
I am experimenting with libvirt for my diploma. I set up an environment,
where I can stop, resend, generate messages for libvirt.
I am capable also standing between client and server and analyze the number
of current procedure and decide what to do next ( I mean rpc procedure).
So, for exam
What is exactly the format of data being sent across remote connection (
from client to server with RPC protocol)? I see, there is XML but converted
to string.
___
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo
2017 at 10:16:47AM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello,
> > I have some questions about libvirt remote connection.
> > Am I right that internally libvirt uses only tcp ( ssh and tls are only
> > encryption based on this) + ftp ( when working with image itself)? Als
Hello,
I have some questions about libvirt remote connection.
Am I right that internally libvirt uses only tcp ( ssh and tls are only
encryption based on this) + ftp ( when working with image itself)? Also I
have found that it uses RPC. However, as I know RPC runs above tcp but I
cannot capture th
30 matches
Mail list logo