On Thu, 2007-01-11 at 00:39 +0000, Daniel P. Berrange wrote:
Finally, one could simply say, this is all rather complicated, why don't we just use a simple username+password for everything. While this would be nice from a coding POV, I think we need to be forward looking and ensure we're setup to cope with things like Kerberos single-sign-on. This is why I'm looking at SASL for the QEMU authentication process - if you use libsasl.so you're app doesn't even need to know what auth method it is using - the admin can simple create an appropriate config file for sasl, and bingo you're fully kerberized & single sign-on capable.
SASL and all it entails does seem like the only sane approach. Perhaps look at the D-Bus API ... I vaguely remember being impressed at the work Havoc did with SASL in D-BUS. Also, it might be nice to keep all the "remote stuff" nicely isolated from the rest of the libvirt API which is nice and straightforward right now. Cheers, Mark.