[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [libvirt] libvirt authorization
- From: "Daniel P. Berrange" <berrange redhat com>
- To: Scott Beardsley <scott cse ucdavis edu>
- Cc: libvir-list redhat com
- Subject: Re: [libvirt] libvirt authorization
- Date: Mon, 23 Mar 2009 09:29:43 +0000
On Sun, Mar 22, 2009 at 12:13:26PM -0700, Scott Beardsley wrote:
>
> > SASL is being supported.
> > Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
>
> Doesn't SASL only provide an authentication (aka authN) layer? I'm
> looking for an authorization (aka authZ) layer. I'm using client SSL
> certs for authN.
That is correct. libvirtd currently provides TLS and SASL for their
encryption and authentication capabilities.
Fine grained access control is a TODO item...
> Again this appears to focus on authN (with the exception of PolicyKit
> which provides both). I'm not sure PolicyKit will work with TLS/TCP
> connections since it appears to target unix sockets only (ie local users).
That is correct, PolicyKit is for UNIX domain sockets only.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]