[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Libvirt] VNC auth per VM

From: Christian Weyermann <WeyermannCh41582 ohm-hochschule de>
To: "Daniel P. Berrange" <berrange redhat com>
Cc: libvir-list redhat com
Subject: Re: [Libvirt] VNC auth per VM
Date: Wed, 10 Jun 2009 13:36:42 +0200

Daniel P. Berrange schrieb:
> On Mon, Jun 08, 2009 at 02:00:58PM +0200, Christian Weyermann wrote:
>   
>> Daniel P. Berrange schrieb:
>>     
>>> On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote:
>>>   
>>>       
>>>> Hello everybody,
>>>>
>>>> I encountered the following problem. I want my users to only be able to
>>>> connect to their own virtual machines via VNC. Is there any way to do so?
>>>>     
>>>>         
>>> The VNC authentication setup is currently being done per-host, so there
>>> is no way to define ACLs per-(user,vm) tuple as you describe.
>>>
>>>       
>> Do you think, there might be a chance reaching this goal anyway, using
>> VNC-Kerberos Auth via SASL, as the virt-viewer supports SASL?
>>     
>
> No, afraid that won't help you. The key issue is that there is no way to
> specify authorization data on a per-VM basis. So if you authenticate
> successfully you have access. We need to add a way to check the authenticated
> username against an access control list of some form.
Do you have any idea when this issue will be tackled?

Best Regards,
Chris

Follow-Ups:
- Re: [Libvirt] VNC auth per VM
  - From: Hugh O. Brock

References:
- [Libvirt] VNC auth per VM
  - From: Christian Weyermann
- Re: [Libvirt] VNC auth per VM
  - From: Daniel P. Berrange
- Re: [Libvirt] VNC auth per VM
  - From: Christian Weyermann
- Re: [Libvirt] VNC auth per VM
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]