SASL is being supported. Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth
Doesn't SASL only provide an authentication (aka authN) layer? I'm looking for an authorization (aka authZ) layer. I'm using client SSL certs for authN.
I don't know how users will be mapped to domains or if that's been discussed. http://libvirt.org/formatdomain.html
I am happy to provide the user to domain map outside of libvirt. I mainly want libvirt to provide a way to enforce such relationships, and limit the management features for TLS/TCP connections.
But http://libvirt.org/auth.html does mention how to auth users to libirtd in general.
Again this appears to focus on authN (with the exception of PolicyKit which provides both). I'm not sure PolicyKit will work with TLS/TCP connections since it appears to target unix sockets only (ie local users). Scott