[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvirt] VNC auth per VM



On Mon, Jun 08, 2009 at 02:00:58PM +0200, Christian Weyermann wrote:
> Daniel P. Berrange schrieb:
> > On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote:
> >   
> >> Hello everybody,
> >>
> >> I encountered the following problem. I want my users to only be able to
> >> connect to their own virtual machines via VNC. Is there any way to do so?
> >>     
> >
> > The VNC authentication setup is currently being done per-host, so there
> > is no way to define ACLs per-(user,vm) tuple as you describe.
> >
> Do you think, there might be a chance reaching this goal anyway, using
> VNC-Kerberos Auth via SASL, as the virt-viewer supports SASL?

No, afraid that won't help you. The key issue is that there is no way to
specify authorization data on a per-VM basis. So if you authenticate
successfully you have access. We need to add a way to check the authenticated
username against an access control list of some form.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]