| Line 17... |
Line 17... |
| 17 |
# This principal needs to be exported to the keytab file listed below
|
17 |
# This principal needs to be exported to the keytab file listed below
|
| 18 |
mech_list: gssapi
|
18 |
mech_list: gssapi
|
| 19 |
|
19 |
|
| 20 |
# If using TLS with VNC, or a UNIX socket only, it is possible to
|
20 |
# If using TLS with VNC, or a UNIX socket only, it is possible to
|
| 21 |
# enable plugins which don't provide session encryption. The
|
21 |
# enable plugins which don't provide session encryption. The
|
| 22 |
# 'scram-sha-1' plugin allows plain username/password authentication
|
22 |
# 'scram-sha-256' plugin allows plain username/password authentication
|
| 23 |
# to be performed
|
23 |
# to be performed
|
| 24 |
#
|
24 |
#
|
| 25 |
#mech_list: scram-sha-1
|
25 |
#mech_list: scram-sha-256
|
| 26 |
|
26 |
|
| 27 |
# You can also list many mechanisms at once, and the VNC server will
|
27 |
# You can also list many mechanisms at once, and the VNC server will
|
| 28 |
# negotiate which to use by considering the list enabled on the VNC
|
28 |
# negotiate which to use by considering the list enabled on the VNC
|
| 29 |
# client.
|
29 |
# client.
|
| 30 |
#mech_list: scram-sha-1 gssapi
|
30 |
#mech_list: scram-sha-256 gssapi
|
| 31 |
|
31 |
|
| 32 |
# Some older builds of MIT kerberos on Linux ignore this option &
|
- |
|
| 33 |
# instead need KRB5_KTNAME env var.
|
- |
|
| 34 |
# For modern Linux, and other OS, this should be sufficient
|
- |
|
| 35 |
#
|
- |
|
| 36 |
# This file needs to be populated with the service principal that
|
32 |
# This file needs to be populated with the service principal that
|
| 37 |
# was created on the Kerberos v5 server. If switching to a non-gssapi
|
33 |
# was created on the Kerberos v5 server. If switching to a non-gssapi
|
| 38 |
# mechanism this can be commented out.
|
34 |
# mechanism this can be commented out.
|
| 39 |
keytab: /etc/qemu/krb5.tab
|
35 |
keytab: /etc/qemu/krb5.tab
|
| 40 |
|
36 |
|
| 41 |
# If using scram-sha-1 for username/passwds, then this is the file
|
37 |
# If using scram-sha-256 for username/passwds, then this is the file
|
| 42 |
# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
|
38 |
# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
|
| 43 |
# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it
|
39 |
# to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it.
|
| - |
|
40 |
# Note that this file stores passwords in clear text.
|
| 44 |
#sasldb_path: /etc/qemu/passwd.db
|
41 |
#sasldb_path: /etc/qemu/passwd.db
|