[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] Authenticate APIs ?



On Thu, 2007-01-11 at 00:39 +0000, Daniel P. Berrange wrote:

> Finally, one could simply say, this is all rather complicated, why don't
> we just use a simple username+password for everything. While this would
> be nice from a coding POV, I think we need to be forward looking and 
> ensure we're setup to cope with things like Kerberos single-sign-on.
> This is why I'm looking at SASL for the QEMU authentication process - if
> you use libsasl.so you're app doesn't even need to know what auth method
> it is using - the admin can simple create an appropriate config file 
> for sasl, and bingo you're fully kerberized & single sign-on capable.

	SASL and all it entails does seem like the only sane approach.

	Perhaps look at the D-Bus API ... I vaguely remember being impressed at
the work Havoc did with SASL in D-BUS.

	Also, it might be nice to keep all the "remote stuff" nicely isolated
from the rest of the libvirt API which is nice and straightforward right
now.

Cheers,
Mark.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]