[Libvir] Authenticate APIs ?

Richard W.M. Jones rjones at redhat.com
Mon Jan 15 18:20:19 UTC 2007


[Apologies that this is not threaded with the original post]

 > Following on from the issue of certificate management, is the issue of
 > authentication. This hasn't been an issue thus far, because Xen has zero
 > authentication. I'm not planning to make this same mistake with the QEMU
 > management daemon though - it's going to have a secure data transport and
 > real authentication from day-1. Thus we need to consider how authentication
 > is exposed at the libvirt client API layer.
 >
 > First off, there are many possible authentication approaches:
 >
 >   - Username + password
 >   - Username + one time key
 >   - Username + password digest
 >   - Kerberos tickets
 >   - x509 certificates
 >   - ...etc

I would definitely avoid over-engineering a solution.

I suspect that "large corp" users will understand certificate 
infrastructures -- they probably already use X.509 client certificates 
to authenticate desktops -- and will be able to manage those.  Everyone 
else will want to use ssh, the model for that being the way cvs allows 
you to flexibly hand over authentication problems to an external program 
through setting the $CVS_RSH environment variable.

It's so easy to set up ssh to get passwordless remote logins.  If they 
haven't set that up, and they're using libvirt through a command line 
tool like virsh then they'll get a prompt from ssh to type a password.

ssh also has the advantage that it is very widely installed.

The only issue is what command to run on the remote system.  A simple 
command line tool which talks to the daemon over a socket might be one 
option.  nc (netcat), gnutls_cli or stunnel might work too.

Rich.

-- 
Red Hat UK Ltd.
64 Baker Street, London, W1U 7DF
Mobile: +44 7866 314 421 (will change soon)
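
The $CVS_RSH-style hand-off described in this message, sketched as an added example; it is not part of the original post and not libvirt code. The variable name `LIBVIRT_RSH`, the socket path and the `nc -U` helper invocation are assumptions chosen for illustration.

```python
import os
import re
import shlex
import subprocess

RSH_ENV = "LIBVIRT_RSH"        # hypothetical variable name, modelled on $CVS_RSH
DEFAULT_RSH = "ssh"
# Hypothetical remote helper: netcat relaying stdin/stdout to the daemon's
# UNIX socket. The socket path is a constructed placeholder.
REMOTE_HELPER = ["nc", "-U", "/var/run/example-daemon.sock"]

_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")
_USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")


def build_transport_argv(host, user=None, env=None):
    """Return the argv that tunnels the client protocol through the RSH program."""
    env = os.environ if env is None else env
    # A leading '-' would be parsed by ssh as an option (e.g. -oProxyCommand=...),
    # so host and user must match a strict pattern before they reach argv.
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"refusing suspicious host name: {host!r}")
    if user is not None and not _USER_RE.fullmatch(user):
        raise ValueError(f"refusing suspicious user name: {user!r}")
    # Like $CVS_RSH, the variable may carry options ("ssh -p 2222"); split it
    # into words locally instead of handing a string to a shell.
    rsh = shlex.split(env.get(RSH_ENV) or DEFAULT_RSH)
    target = f"{user}@{host}" if user else host
    # ssh joins the remote command words and runs them in the remote shell,
    # so quote the helper once here.
    return rsh + [target, shlex.join(REMOTE_HELPER)]


def open_transport(host, user=None):
    """Start the tunnel; the caller speaks the daemon protocol over the pipes."""
    return subprocess.Popen(build_transport_argv(host, user),
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
```

Authentication (keys, agent, or a password prompt) stays entirely inside the external program; the client's only responsibility is what it places in argv.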



