Let's discuss the approach here, then move to gerrit to nitpick the implementation.
1)
a) I agree this is not ideal, but SCRAM is not supported on TCP connections. My patch uses SCRAM with TLS.
b) I was looking at https://packages.ubuntu.com/source/focal/cyrus-sasl2, but it's a source package. I guess we want sasl2-bin. libsasl2-modules-gssapi-mit looks like it's for GSSAPI, although does pull in libscram. I'll try those two.
2)
a) b) See comment #1. I switched to enabling it unconditionally after reading that. It shouldn't hurt, and can be disabled if necessary. I can tidy up inconsistencies in the patch.
Thanks for checking out the patch. I was simply following the process here: https:/ /security. openstack. org/#openstack- security- notes
Let's discuss the approach here, then move to gerrit to nitpick the implementation.
1)
a) I agree this is not ideal, but SCRAM is not supported on TCP connections. My patch uses SCRAM with TLS.
b) I was looking at https:/ /packages. ubuntu. com/source/ focal/cyrus- sasl2, but it's a source package. I guess we want sasl2-bin. libsasl2- modules- gssapi- mit looks like it's for GSSAPI, although does pull in libscram. I'll try those two.
2)
a) b) See comment #1. I switched to enabling it unconditionally after reading that. It shouldn't hurt, and can be disabled if necessary. I can tidy up inconsistencies in the patch.
c) See 1) a).