[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [RFC]: Secure migration

From: "Daniel P. Berrange" <berrange redhat com>
To: Itamar Heim <iheim redhat com>
Cc: 'Libvirt' <libvir-list redhat com>
Subject: Re: [libvirt] [RFC]: Secure migration
Date: Tue, 3 Mar 2009 17:58:35 +0000

On Tue, Mar 03, 2009 at 12:52:41PM -0500, Itamar Heim wrote:
> > From: libvir-list-bounces redhat com [mailto:libvir-list-
> > bounces redhat com] On Behalf Of Daniel P. Berrange
> ...
> > > c) libvirtd is using SASL gssapi on the dst machine.  When the src
> > machine tries
> > > to connect to the dst, it needs to have the right configuration (i.e.
> > > /etc/krb5.conf and /etc/sasl2/libvirt.conf need to work), and it also
> > has to get
> > > some kind of principal from the kerberos server (but which
> > principal?).
> > 
> > Each server has a kerberos principal, so I'd expect they can directly
> > auth to each other, assuming suitable ACL configs.
> [IH] you are assuming anyone using Libvirt will be using Kerberos?

No, libvirt supports any SASL auth method - I was just refering to
Chris' question about gssapi credentials

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

References:
- [libvirt] [RFC]: Secure migration
  - From: Chris Lalancette
- Re: [libvirt] [RFC]: Secure migration
  - From: Daniel P. Berrange
- RE: [libvirt] [RFC]: Secure migration
  - From: Itamar Heim

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]