[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] libvirt authorization

> SASL is being supported.
> Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth

Doesn't SASL only provide an authentication (aka authN) layer? I'm
looking for an authorization (aka authZ) layer. I'm using client SSL
certs for authN.

> I don't know how users will be mapped to domains or if that's been
> discussed.
> http://libvirt.org/formatdomain.html 

I am happy to provide the user to domain map outside of libvirt. I
mainly want libvirt to provide a way to enforce such relationships, and
limit the management features for TLS/TCP connections.

> But http://libvirt.org/auth.html does mention how to auth users to
> libirtd in general.

Again this appears to focus on authN (with the exception of PolicyKit
which provides both). I'm not sure PolicyKit will work with TLS/TCP
connections since it appears to target unix sockets only (ie local users).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]