[libvirt] libvirt authorization
Scott Beardsley
scott at cse.ucdavis.edu
Sun Mar 22 19:13:26 UTC 2009
> SASL is being supported.
> Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
Doesn't SASL only provide an authentication (aka authN) layer? I'm
looking for an authorization (aka authZ) layer. I'm using client SSL
certs for authN.
> I don't know how users will be mapped to domains or if that's been
> discussed.
> http://libvirt.org/formatdomain.html
I am happy to provide the user to domain map outside of libvirt. I
mainly want libvirt to provide a way to enforce such relationships, and
limit the management features for TLS/TCP connections.
> But http://libvirt.org/auth.html does mention how to auth users to
> libirtd in general.
Again this appears to focus on authN (with the exception of PolicyKit
which provides both). I'm not sure PolicyKit will work with TLS/TCP
connections since it appears to target unix sockets only (ie local users).
Scott
More information about the libvir-list
mailing list