[Libvir] Authenticate APIs ?
Mark McLoughlin
markmc at redhat.com
Mon Jan 15 20:50:47 UTC 2007
On Thu, 2007-01-11 at 00:39 +0000, Daniel P. Berrange wrote:
> Finally, one could simply say, this is all rather complicated, why don't
> we just use a simple username+password for everything. While this would
> be nice from a coding POV, I think we need to be forward looking and
> ensure we're setup to cope with things like Kerberos single-sign-on.
> This is why I'm looking at SASL for the QEMU authentication process - if
> you use libsasl.so you're app doesn't even need to know what auth method
> it is using - the admin can simple create an appropriate config file
> for sasl, and bingo you're fully kerberized & single sign-on capable.
SASL and all it entails does seem like the only sane approach.
Perhaps look at the D-Bus API ... I vaguely remember being impressed at
the work Havoc did with SASL in D-BUS.
Also, it might be nice to keep all the "remote stuff" nicely isolated
from the rest of the libvirt API which is nice and straightforward right
now.
Cheers,
Mark.
More information about the libvir-list
mailing list