[libvirt-users] Libvirt access control drivers
Anastasiya Ruzhanskaya
anastasiya.ruzhanskaya at frtk.ru
Sun May 27 17:03:28 UTC 2018
Hello!
I still want to clarify one question. Instead of making authentication of
oVirt and then impersonation of each user, oVirt can just pass user
information inside messages and libvirt at the end can read this user
information inside rpc messages (perhaps user login could be written in one
of string fields in RPC message, simply login = <...> inside message). Why
this (assume that it is possible to implement this for everyone) will not
work?
2018-05-14 12:25 GMT+03:00 Daniel P. Berrangé <berrange at redhat.com>:
> On Sat, May 12, 2018 at 11:36:08AM +0300, Anastasiya Ruzhanskaya wrote:
> > I actually didn't quite catch,why oVirt can't just pass user information
> > and you could check against it? This may require to create some
> > configuration files for libvirt about end users.
> > What is a advantage of authenticating oVirt, and then impersonation for
> end
> > user?
>
> Libvirt authentication happens when a connection is opened - oVirt doesn't
> open a connection for each user. So you have to have a way to authenticate
> the initial connection, and then authorize individual APIs made on it.
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/
> dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/
> dberrange :|
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20180527/52af71b6/attachment.htm>
More information about the libvirt-users
mailing list