Doesn't SASL only provide an authentication (aka authN) layer? I'm
looking for an authorization (aka authZ) layer. I'm using client SSL
certs for authN.
I don't know how users will be mapped to domains or if that's been
discussed.
http://libvirt.org/formatdomain.html
I am happy to provide the user to domain map outside of libvirt. I
mainly want libvirt to provide a way to enforce such relationships, and
limit the management features for TLS/TCP connections.
But http://libvirt.org/auth.html does mention how to auth users to
libvirtd in general.
Again this appears to focus on authN (with the exception of PolicyKit
which provides both). I'm not sure PolicyKit will work with TLS/TCP
connections since it appears to target unix sockets only (i.e. local users).
Scott