[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] how to get started with libvirt & central access control



On Sun, Dec 07, 2008 at 10:40:14AM -0500, Juan Miscaro wrote:
> Quite new to libvirt (and kvm).  I played with a few vm's with
> libvirt/kvm and vnc/virsh/virt-manager.  I would now like to implement
> access control for my vm's (of any format: xen, kvm, etc) to a remote
> backend (mysql/ldap/other).  Where does one begin?  I would later want
> to do the same but in the context of a cluster of hosts (each running
> multiple vm's).  Thanks in advance for any advice.

libvirt does not currently apply any fine grained access controsl over
objects it manages. The only access control is done at time the 
virConnectPtr object is created, either based on your UNIX userid,
or PolicyKit, or Kerberos/SASL, or SSL/x509.

We may add fine grained access control over objects in the future, but
there's no ETA for that. In the meantime such checks would be done in
your application

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]