Re: [libvirt] Question about LSN-2016-0001

2016-08-01 Thread Jim Fehlig
On 08/01/2016 10:14 AM, Daniel P. Berrange wrote: > On Mon, Aug 01, 2016 at 10:00:05AM -0600, Jim Fehlig wrote: >> On 08/01/2016 03:13 AM, Daniel P. Berrange wrote: >>> On Fri, Jul 29, 2016 at 02:16:16PM -0600, Jim Fehlig wrote: I've noticed the behavior described by this LSN with libvirt+Xen.

Re: [libvirt] Question about LSN-2016-0001

2016-08-01 Thread Daniel P. Berrange
On Mon, Aug 01, 2016 at 10:00:05AM -0600, Jim Fehlig wrote: > On 08/01/2016 03:13 AM, Daniel P. Berrange wrote: > > On Fri, Jul 29, 2016 at 02:16:16PM -0600, Jim Fehlig wrote: > >> I've noticed the behavior described by this LSN with libvirt+Xen. Config > >> containing allows any client to > >> co

Re: [libvirt] Question about LSN-2016-0001

2016-08-01 Thread Jim Fehlig
On 08/01/2016 03:13 AM, Daniel P. Berrange wrote: > On Fri, Jul 29, 2016 at 02:16:16PM -0600, Jim Fehlig wrote: >> I've noticed the behavior described by this LSN with libvirt+Xen. Config >> containing allows any client to >> connect with no authentication check. I asked about this on the Xen secu

Re: [libvirt] Question about LSN-2016-0001

2016-08-01 Thread Daniel P. Berrange
On Fri, Jul 29, 2016 at 02:16:16PM -0600, Jim Fehlig wrote: > I've noticed the behavior described by this LSN with libvirt+Xen. Config > containing allows any client to > connect with no authentication check. I asked about this on the Xen security > list and was told that "libxl interprets an empt

[libvirt] Question about LSN-2016-0001

2016-07-29 Thread Jim Fehlig
I've noticed the behavior described by this LSN with libvirt+Xen. Config containing allows any client to connect with no authentication check. I asked about this on the Xen security list and was told that "libxl interprets an empty password in the caller's configuration to mean that passwordless a