[libvirt] libvirt authorization
Daniel P. Berrange
berrange at redhat.com
Mon Mar 23 09:29:43 UTC 2009
On Sun, Mar 22, 2009 at 12:13:26PM -0700, Scott Beardsley wrote:
>
> > SASL is being supported.
> > Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
>
> Doesn't SASL only provide an authentication (aka authN) layer? I'm
> looking for an authorization (aka authZ) layer. I'm using client SSL
> certs for authN.
That is correct. libvirtd currently provides TLS and SASL for their
encryption and authentication capabilities.
Fine grained access control is a TODO item...
> Again this appears to focus on authN (with the exception of PolicyKit
> which provides both). I'm not sure PolicyKit will work with TLS/TCP
> connections since it appears to target unix sockets only (ie local users).
That is correct, PolicyKit is for UNIX domain sockets only.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list