Argh, it's so unwieldy to try to review this without Gerrit. I suggest we move there, it's not that critical to keep hiding.
https://access.redhat.com/blogs/766093/posts/1976653
That said, here are my 2 cents:
1) Kolla:
a) why add MD5? it's insecure anyway, scram should be enough
b) that package does not exist in Debuntu - need to use libsasl2-modules-gssapi-mit
2) Kolla Ansible:
a) the doc says libvirt tls uses mutual tls for auth (which is true) and disables sasl - this is wrong as you enable scram if tls and md5 if not, never disabling sasl - I suggest we disable sasl indeed
b) that same doc tells the truth slightly above the other remark - please explain
c) why not enable scram without tls too?