Re: [Libvir] Authenticate APIs ?
On Thu, 2007-01-11 at 00:39 +0000, Daniel P. Berrange wrote:
Finally, one could simply say, this is all rather complicated, why
don't
we just use a simple username+password for everything. While this would
be nice from a coding POV, I think we need to be forward looking and
ensure we're setup to cope with things like Kerberos single-sign-on.
This is why I'm looking at SASL for the QEMU authentication process - if
you use libsasl.so you're app doesn't even need to know what auth method
it is using - the admin can simple create an appropriate config file
for sasl, and bingo you're fully kerberized & single sign-on capable.
SASL and all it entails does seem like the only sane approach.
Perhaps look at the D-Bus API ... I vaguely remember being impressed at
the work Havoc did with SASL in D-BUS.
Also, it might be nice to keep all the "remote stuff" nicely isolated
from the rest of the libvirt API which is nice and straightforward right
now.
Cheers,
Mark.