[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Implementing VNC per VM access control lists



On Mon, 2011-01-03 at 09:19 -0500, Stefan Berger wrote:

> One issue is probably around migration and the server
> (qemu-referenced) x509 certificates. If the certificates are embedded
> (rather than referenced) in the domain XML they will automatically
> migrate when the VM migrates, which is desirable. Otherwise migration
> becomes (again) problematic and layers above libvirt would have to
> take care of their migration.
> 
> 
> The VNC session will still be lost due to the change of host and thus
> the IP address and the client user will need to learn about the new
> VNC port as well.

Don't you have the same problem at the moment with the existing per Host
SASL authentication? 

I was more concerned with adding access list filters to the individual
VMs after the authentication has happened. And surely those would
migrate since they are contained within the configuration of the running
process?

I wasn't thinking of touching the authentication layer at all, more
adding an authorization filter layer.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]