On Fri, Jan 10, 2014 at 02:15:00PM +0000, Daniel P. Berrange wrote:
> On Wed, Jan 08, 2014 at 06:39:40PM +0000, Richard W.M. Jones wrote:
> > There is no easy way to test authentication against libvirt. This
> > commit modifies the test driver to allow simple username/password
> > authentication.
> >
> > You modify the test XML by adding:
> >
> >   <node>
> >     ...
> >     <auth>
> >       <user password="123456">rich</user>
> >       <user>jane</user>
> >     </auth>
> >   </node>
> >
> > If there are any /node/auth/user elements, then authentication is
> > required by the test driver (if none are present, then the test driver
> > will work as before and not require authentication).
>
> The API is explicitly designed to avoid hardcoding a fixed notion
> of usernames + passwords, so I think the test driver should do the
> same. ie we'd want XML in terms of credential types.
>
>   <auth>
>     <subject>
>       <credential type='username'>rich</credential>
>       <credential type='password'>123456</credential>
>     </subject>
>     ...more subjects...
>   </auth>

I'd agree too, but I tried a generic implementation along these lines
and it was rather complex.

Firstly an actual driver would always ask for some distinguishing user
name so it knows who it's authenticating, making "username" special in
some sense. (This is why <user>username</user> is not an XML property).

Secondly a fully general authentication method is actually imperative.
It could ask you to type your mum's maiden name first, then could come
back with a second block of credential requests, and so on. (Even
with loops!)

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
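
The scheme discussed in this thread, as an added example in Python (not libvirt's test driver code and not written by either poster): it reads the /node/auth/user elements from the first message and authenticates through a callback that is asked for credentials by type, one round at a time. The names `load_users`, `authenticate` and `scripted` are hypothetical, and accepting a user that has no `password` attribute on the username alone is an assumption, since the thread does not say what that case means.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: the <auth> block from the first message inside a <node>.
TEST_XML = """<node>
  <auth>
    <user password="123456">rich</user>
    <user>jane</user>
  </auth>
</node>"""


def load_users(xml_text):
    """Map username -> password, or None when there is no password attribute."""
    root = ET.fromstring(xml_text)  # root is the <node> element
    return {(u.text or "").strip(): u.get("password")
            for u in root.findall("./auth/user")}


def authenticate(xml_text, ask):
    """ask(cred_types) returns {type: value}; it is called once per round."""
    users = load_users(xml_text)
    if not users:
        return True  # no /node/auth/user elements: no authentication required
    # Round 1: the username is requested first so the driver knows who it is.
    name = ask(["username"]).get("username")
    if name not in users:
        return False
    expected = users[name]
    if expected is None:
        return True  # assumption: no password attribute means none is requested
    # Round 2: a second block of credential requests, only for this user.
    supplied = ask(["password"]).get("password") or ""
    # Constant-time comparison so the check does not leak a matching prefix.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def scripted(answers):
    """Build a callback that answers from a dict and records each round."""
    rounds = []

    def ask(cred_types):
        rounds.append(list(cred_types))
        return {t: answers.get(t) for t in cred_types}

    return ask, rounds
```
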