Re: [libvirt] Implementing VNC per VM access control lists
On Mon, 2011-01-03 at 09:19 -0500, Stefan Berger wrote:
One issue is probably around migration and the server
(qemu-referenced) x509 certificates. If the certificates are embedded
(rather than referenced) in the domain XML they will automatically
migrate when the VM migrates, which is desirable. Otherwise migration
becomes (again) problematic and layers above libvirt would have to
take care of their migration.
The VNC session will still be lost due to the change of host and thus
the IP address and the client user will need to learn about the new
VNC port as well.
Don't you have the same problem at the moment with the existing per Host
SASL authentication?
I was more concerned with adding access list filters to the individual
VMs after the authentication has happened. And surely those would
migrate since they are contained within the configuration of the running
process?
I wasn't thinking of touching the authentication layer at all, more
adding an authorization filter layer.