IMHO, we should use enable SASL auth for libvirtd and filter allowed clients at minimum.
Having an dedicated CA is good but I think not enough; I like the SASL layer for credentials, which will allow us to have granular authentification and enable PolicyKit for example.
IMHO, we should use enable SASL auth for libvirtd and filter allowed clients at minimum.
Having an dedicated CA is good but I think not enough; I like the SASL layer for credentials, which will allow us to have granular authentification and enable PolicyKit for example.