[libvirt-users] Libvirt access control drivers

Erik Skultety eskultet at redhat.com
Wed May 30 11:49:30 UTC 2018


On Sun, May 27, 2018 at 08:03:28PM +0300, Anastasiya Ruzhanskaya wrote:
> Hello!
> I still want to clarify one question. Instead of making authentication of
> oVirt and then impersonation of each user, oVirt can just pass user
> information inside messages and libvirt at the end can read this user

Bypassing the libvirt API and sending RPC messages to libvirtd is strongly
discouraged and oVirt wouldn't do that. Besides, when libvirtd deserializes
the RPC message it will eventually call the same public API entry point that
was used on the client side, but delegating it to a different driver (remote vs
qemu for example). Knowing that, how would you pass this extra information
to the existing API without changing it?

> information inside rpc messages (perhaps user login could be written in one
> of string fields in RPC message, simply login = <...> inside message). Why

Changes to the RPC protocol would result in backwards incompatibility.

Erik

> this (assume that it is possible to implement this for everyone) will not
> work?



