[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] test driver: Add authentication to test driver.



On Fri, Jan 10, 2014 at 02:15:00PM +0000, Daniel P. Berrange wrote:
> On Wed, Jan 08, 2014 at 06:39:40PM +0000, Richard W.M. Jones wrote:
> > There is no easy way to test authentication against libvirt.  This
> > commit modifies the test driver to allow simple username/password
> > authentication.
> > 
> > You modify the test XML by adding:
> > 
> >  <node>
> >    ...
> >    <auth>
> >      <user password="123456">rich</user>
> >      <user>jane</user>
> >    </auth>
> >  </node>
> > 
> > If there are any /node/auth/user elements, then authentication is
> > required by the test driver (if none are present, then the test driver
> > will work as before and not require authentication).
> 
> The API is explicitly designed to avoid hardcoding a fixed notion
> of usernames + passwords, so I think the test driver should do the
> same. ie we'd want XML in terms of credential types.
> 
>   <auth>
>     <subject>
>       <credential type='username'>rich</credential>
>       <credential type='password'>123456</credential>
>     </subject>
>     ...more subjects...
>   </auth>

I'd agree too, but I tried a generic implementation along these lines
and it was rather complex.

Firstly an actual driver would always ask for some distinguishing user
name so it knows who it's authenticating, making "username" special in
some sense.  (This is why <user>username</user> is not an XML property).

Secondly a fully general authentication method is actually imperative.
It could ask you to type your mum's maiden name first, then could come
back with a second block of credential requests, and so on.  (Even
with loops!)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]