[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] tls_allowed_ip_list?

From: Daniel Veillard <veillard redhat com>
To: "Daniel P. Berrange" <berrange redhat com>
Cc: Libvirt <libvir-list redhat com>
Subject: Re: [libvirt] tls_allowed_ip_list?
Date: Tue, 3 Mar 2009 10:03:11 +0100

On Tue, Mar 03, 2009 at 08:50:54AM +0000, Daniel P. Berrange wrote:
> On Tue, Mar 03, 2009 at 09:13:14AM +0100, Chris Lalancette wrote:
> > All,
> >      While doing testing on TLS, I came across the mention of
> > "tls_allowed_ip_list" in the website documentation, here:
> > 
> > http://libvirt.org/remote.html#Remote_libvirtd_configuration
> > 
> > However, I don't see any implementation of the tls_allowed_ip_list in libvirt
> > itself; a grep through the sources show that we are implementing
> > "tls_allowed_dn_list", but not "tls_allowed_ip_list".  Am I missing something in
> > the sources?  Should we update the libvirt.org documentation and remove that
> > (seemingly non-existent) parameter?  Or should I go in and implement the
> > "tls_allowed_ip_list"?
> 
> That functionality was removed because it is utterly worthless as an
> access control feature, and if you want to block rogue IP (ranges) you
> can do it in iptables far more efficiently & flexibly anyway. The
> docs just need to be removed

  okay, even simpler, I will do it before the release !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

References:
- [libvirt] tls_allowed_ip_list?
  - From: Chris Lalancette
- Re: [libvirt] tls_allowed_ip_list?
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]