On Wed, Jun 10, 2009 at 01:36:42PM +0200, Christian Weyermann wrote:
Daniel P. Berrange wrote:
> On Mon, Jun 08, 2009 at 02:00:58PM +0200, Christian Weyermann wrote:
>
>> Daniel P. Berrange wrote:
>>
>>> On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote:
>>>
>>>
>>>> Hello everybody,
>>>>
>>>> I encountered the following problem. I want my users to only be able to
>>>> connect to their own virtual machines via VNC. Is there any way to do so?
>>>>
>>>>
>>> The VNC authentication setup is currently being done per-host, so there
>>> is no way to define ACLs per-(user,vm) tuple as you describe.
>>>
>>>
>> Do you think there might be a chance of reaching this goal anyway, using
>> VNC-Kerberos Auth via SASL, as the virt-viewer supports SASL?
>>
>
> No, afraid that won't help you. The key issue is that there is no way to
> specify authorization data on a per-VM basis. So if you authenticate
> successfully you have access. We need to add a way to check the authenticated
> username against an access control list of some form.
Do you have any idea when this issue will be tackled?
It is on our wish list for Real Soon Now, but we haven't identified
anyone to actually do the work yet... patches welcome :)...
--Hugh