[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] libvirt authorization

From: Scott Beardsley <scott cse ucdavis edu>
To: Dale Bewley <dlbewley lib ucdavis edu>
Cc: libvir-list redhat com
Subject: Re: [libvirt] libvirt authorization
Date: Sun, 22 Mar 2009 12:13:26 -0700

> SASL is being supported.
> Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth

Doesn't SASL only provide an authentication (aka authN) layer? I'm
looking for an authorization (aka authZ) layer. I'm using client SSL
certs for authN.

> I don't know how users will be mapped to domains or if that's been
> discussed.
> http://libvirt.org/formatdomain.html 

I am happy to provide the user to domain map outside of libvirt. I
mainly want libvirt to provide a way to enforce such relationships, and
limit the management features for TLS/TCP connections.

> But http://libvirt.org/auth.html does mention how to auth users to
> libirtd in general.

Again this appears to focus on authN (with the exception of PolicyKit
which provides both). I'm not sure PolicyKit will work with TLS/TCP
connections since it appears to target unix sockets only (ie local users).

Scott

Follow-Ups:
- Re: [libvirt] libvirt authorization
  - From: Daniel P. Berrange

References:
- [libvirt] libvirt authorization
  - From: Scott Beardsley
- Re: [libvirt] libvirt authorization
  - From: Dale Bewley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]