[libvirt] libvirt authorization

Daniel P. Berrange berrange at redhat.com
Mon Mar 23 09:29:43 UTC 2009

On Sun, Mar 22, 2009 at 12:13:26PM -0700, Scott Beardsley wrote:
> > SASL is being supported.
> > Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
> Doesn't SASL only provide an authentication (aka authN) layer? I'm
> looking for an authorization (aka authZ) layer. I'm using client SSL
> certs for authN.

That is correct. libvirtd currently provides TLS and SASL for their 
encryption and authentication capabilities.

Fine grained access control is a TODO item...

> Again this appears to focus on authN (with the exception of PolicyKit
> which provides both). I'm not sure PolicyKit will work with TLS/TCP
> connections since it appears to target unix sockets only (ie local users).

That is correct, PolicyKit is for UNIX domain sockets only.

|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list