Comment 6 for bug 1964013

Mark Goddard (mgoddard) wrote :

Thanks for checking out the patch. I was simply following the process here: https://security.openstack.org/#openstack-security-notes

Let's discuss the approach here, then move to gerrit to nitpick the implementation.

1)

a) I agree this is not ideal, but SCRAM is not supported on TCP connections. My patch uses SCRAM with TLS.

b) I was looking at https://packages.ubuntu.com/source/focal/cyrus-sasl2, but it's a source package. I guess we want sasl2-bin. libsasl2-modules-gssapi-mit looks like it's for GSSAPI, although it does pull in libscram. I'll try those two.

2)

a) b) See comment #1. I switched to enabling it unconditionally after reading that. It shouldn't hurt, and can be disabled if necessary. I can tidy up inconsistencies in the patch.

c) See 1) a).