[libvirt] libvirt authorization

Scott Beardsley scott at cse.ucdavis.edu
Sun Mar 22 19:13:26 UTC 2009

> SASL is being supported.
> Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth

Doesn't SASL only provide an authentication (aka authN) layer? I'm
looking for an authorization (aka authZ) layer. I'm using client SSL
certs for authN.

> I don't know how users will be mapped to domains or if that's been
> discussed.
> http://libvirt.org/formatdomain.html 

I am happy to provide the user to domain map outside of libvirt. I
mainly want libvirt to provide a way to enforce such relationships, and
limit the management features for TLS/TCP connections.

> But http://libvirt.org/auth.html does mention how to auth users to
> libirtd in general.

Again this appears to focus on authN (with the exception of PolicyKit
which provides both). I'm not sure PolicyKit will work with TLS/TCP
connections since it appears to target unix sockets only (ie local users).


More information about the libvir-list mailing list