
Re: [Xen-API] Xen Management API draft

On Mon, Jun 26, 2006 at 04:12:39PM +0100, Ewan Mellor wrote:
> On Sun, Jun 25, 2006 at 04:49:03PM +0100, Daniel P. Berrange wrote:
> >  * What is the motivation for implementing an explicit login_with_password
> >    method rather than utilizing the existing HTTP authentication protocols ?
> We discussed this on xen-devel last week -- HTTP auth doesn't seem to be
> widely supported, so we didn't want to rely upon it.  Also, this way we can
> use the XML-RPC over something other than HTTP (such as a raw unix domain
> socket).
> >    The proposed login API utilizing a simple username/password pair is quite
> >    limiting, preventing the use of any of the more advanced authentication
> >    protocols such as challenge/response, public / private key, kerberos 
> >    ticket passing.
> > 
> >    The latter would be particularly important if the apps using this API want
> >    to integrate with any kind of single sign on system. Perhaps it would be
> >    possible to define a more advanced login process which could be backed by
> >    something like SASL
> > 
> >      http://www.ietf.org/rfc/rfc2222.txt
> >      http://asg.web.cmu.edu/sasl/
> What would be involved in making this work?  The username / password is
> already a step up for Xen -- how complicated is SASL or similar?

I'm not familiar enough with it to give any estimates on work involved, but
it would definitely be more complex than user/password; however, this is to
be expected given the much broader capabilities. There's fairly comprehensive
docs in the Cyrus SASL source distribution, for example,


Another possibility would be to integrate with PAM, fully supporting the
conversation function callbacks

|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
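
An added illustration, not part of the original message or of the Xen API draft: a mechanism-neutral login modelled as SASL-style steps, showing why a single username/password call cannot carry a challenge/response exchange. The names login_start, login_step, client_respond and the HMAC-SHA256-DEMO mechanism are hypothetical, and the credential store is constructed for the demo.

```python
import hashlib, hmac, secrets

# Constructed credential store for the demo (user -> shared secret).
USERS = {b"root": b"s3cret-example"}

class LoginServer:
    """Hypothetical login API: each mechanism is a series of steps, as in SASL."""
    def __init__(self):
        self.pending = {}  # handle -> nonce awaiting a response

    def login_start(self, mechanism, initial=b""):
        """Return (status, handle_or_session, challenge)."""
        if mechanism == "PLAIN":
            # One step: authzid NUL authcid NUL password (RFC 4616 layout).
            parts = initial.split(b"\0")
            if len(parts) != 3:
                return ("fail", None, b"")
            secret = USERS.get(parts[1])
            return self._finish(secret is not None
                                and hmac.compare_digest(secret, parts[2]))
        if mechanism == "HMAC-SHA256-DEMO":
            # Two steps: the server issues a fresh nonce; the password never crosses the wire.
            handle, nonce = secrets.token_hex(8), secrets.token_bytes(16)
            self.pending[handle] = nonce
            return ("continue", handle, nonce)
        return ("fail", None, b"")

    def login_step(self, handle, response):
        nonce = self.pending.pop(handle, None)  # one-shot: blocks replay
        if nonce is None:
            return ("fail", None, b"")
        user, _, digest = response.partition(b" ")
        secret = USERS.get(user)
        expected = hmac.new(secret or b"", nonce, hashlib.sha256).hexdigest().encode()
        return self._finish(secret is not None
                            and hmac.compare_digest(expected, digest))

    def _finish(self, ok):
        return ("ok", secrets.token_hex(16), b"") if ok else ("fail", None, b"")

def client_respond(user, password, challenge):
    """Client side of the demo mechanism: user SP hex(HMAC(password, challenge))."""
    mac = hmac.new(password, challenge, hashlib.sha256).hexdigest().encode()
    return user + b" " + mac
```

The "continue" status with a handle and challenge is what a one-shot password call has no room for; PLAIN still fits the same interface as a single step.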
