Hi Sahid,
this is intentional by upstream, see [1]

To quote the most important part:
"... SCRAM mechanism, however, note that this does not provide encryption, so 
the SCRAM mechanism can only be used on the libvirtd TLS listener ..."

For TCP you have to use either the outdated/deprecated/non-recommended 
DIGEST-MD5 (as you foudn working).
Or (much better) set up for GSSAPI (which therefore also is the default in the 
config). For that setup [2] you need to configure kerberos [3].

Maybe the upstream error message could be better, but the TL;DR is
TCP+SCARM is not intended to work.


[1]: https://libvirt.org/auth.html#ACL_server_sasl
[2]: https://libvirt.org/auth.html#ACL_server_kerberos
[3]: https://help.ubuntu.com/lts/serverguide/kerberos.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835427

Title:
  sasl authentication fails when using mech scram-sha-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1835427/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to