Re: [libvirt] libvirt authorization
On Sun, Mar 22, 2009 at 12:13:26PM -0700, Scott Beardsley wrote:
> SASL is being supported.
> Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
Doesn't SASL only provide an authentication (aka authN) layer? I'm
looking for an authorization (aka authZ) layer. I'm using client SSL
certs for authN.
That is correct. libvirtd currently provides TLS and SASL for their
encryption and authentication capabilities.
Fine grained access control is a TODO item...
Again this appears to focus on authN (with the exception of
PolicyKit
which provides both). I'm not sure PolicyKit will work with TLS/TCP
connections since it appears to target unix sockets only (ie local users).
That is correct, PolicyKit is for UNIX domain sockets only.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|