[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Libvir] Authenticate APIs ?

From: Mark McLoughlin <markmc redhat com>
To: "Daniel P. Berrange" <berrange redhat com>
Cc: libvir-list redhat com
Subject: Re: [Libvir] Authenticate APIs ?
Date: Mon, 15 Jan 2007 20:50:47 +0000

On Thu, 2007-01-11 at 00:39 +0000, Daniel P. Berrange wrote:

> Finally, one could simply say, this is all rather complicated, why don't
> we just use a simple username+password for everything. While this would
> be nice from a coding POV, I think we need to be forward looking and 
> ensure we're setup to cope with things like Kerberos single-sign-on.
> This is why I'm looking at SASL for the QEMU authentication process - if
> you use libsasl.so you're app doesn't even need to know what auth method
> it is using - the admin can simple create an appropriate config file 
> for sasl, and bingo you're fully kerberized & single sign-on capable.

	SASL and all it entails does seem like the only sane approach.

	Perhaps look at the D-Bus API ... I vaguely remember being impressed at
the work Havoc did with SASL in D-BUS.

	Also, it might be nice to keep all the "remote stuff" nicely isolated
from the rest of the libvirt API which is nice and straightforward right
now.

Cheers,
Mark.

Follow-Ups:
- Re: [Libvir] Authenticate APIs ?
  - From: Daniel P. Berrange

References:
- [Libvir] Authenticate APIs ?
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]