[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [Libvirt] VNC auth per VM
- From: "Hugh O. Brock" <hbrock redhat com>
- To: Christian Weyermann <WeyermannCh41582 ohm-hochschule de>
- Cc: libvir-list redhat com
- Subject: Re: [Libvirt] VNC auth per VM
- Date: Wed, 10 Jun 2009 09:08:10 -0400
On Wed, Jun 10, 2009 at 01:36:42PM +0200, Christian Weyermann wrote:
> Daniel P. Berrange schrieb:
> > On Mon, Jun 08, 2009 at 02:00:58PM +0200, Christian Weyermann wrote:
> >
> >> Daniel P. Berrange schrieb:
> >>
> >>> On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote:
> >>>
> >>>
> >>>> Hello everybody,
> >>>>
> >>>> I encountered the following problem. I want my users to only be able to
> >>>> connect to their own virtual machines via VNC. Is there any way to do so?
> >>>>
> >>>>
> >>> The VNC authentication setup is currently being done per-host, so there
> >>> is no way to define ACLs per-(user,vm) tuple as you describe.
> >>>
> >>>
> >> Do you think, there might be a chance reaching this goal anyway, using
> >> VNC-Kerberos Auth via SASL, as the virt-viewer supports SASL?
> >>
> >
> > No, afraid that won't help you. The key issue is that there is no way to
> > specify authorization data on a per-VM basis. So if you authenticate
> > successfully you have access. We need to add a way to check the authenticated
> > username against an access control list of some form.
> Do you have any idea when this issue will be tackled?
>
It is on our wish list for Real Soon Now, but we haven't identified
anyone to actually do the work yet... patches welcome :)...
--Hugh
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]