[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] Xen Management API draft

To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Mon, 26 Jun 2006 13:33:15 -0500
Cc: Xen-API <xen-api@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 26 Jun 2006 11:33:31 -0700
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>

Daniel P. Berrange wrote:

On Mon, Jun 26, 2006 at 04:12:39PM +0100, Ewan Mellor wrote:

On Sun, Jun 25, 2006 at 04:49:03PM +0100, Daniel P. Berrange wrote:

 * What is the motivation for implementing an explicit login_with_password
   method rather than utilizing the existing HTTP authentication protocols ?

We discussed this on xen-devel last week -- HTTP auth doesn't seem to be
widely supported, so we didn't want to rely upon it.  Also, this way we can
use the XML-RPC over something other than HTTP (such as a raw unix domain
socket).

Nothing about our XML-RPC interfaces is widely supported. We're talkingabout requiring per-call wrappers because of implicit typing? We'retalking about lots of code in the bindings. A little more isn't goingto hurt.

What would be involved in making this work?  The username / password is
already a step up for Xen -- how complicated is SASL or similar?


I'm not familiar enough with it to give any estimates on work involved, but
it would definitely be more complex than user/password, however, this is to
be expected given the much broader capabilities. There's fairly comprehensive
docs in the Cyrus SASL source distribution, for example,

I can speak from experience dealing with SASL. It's quite a nightmareto get right. What complicates matters is the fact that the twodifference kerberos libraries out there provide differing interfaces andI believe it is still the case that SuSE/RedHat ship different kerberoses.

XML-RPC over SSH would solve this general problem as PAM integratesquite nicely with any existing single sign-on.

BTW: I'm just getting to this mail from last week so I'll be respondinga bit out of order. Sorry.


Regards,

Anthony Liguori

  http://www.indelible.org/php/sasl/cyrus-sasl/programming.html

Another possibility would be to integrate with PAM, fully supporting the
conversation function callbacks

Regards,
Dan.



_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api

References:
- [Xen-API] Xen Management API draft
  - From: Ewan Mellor
- Re: [Xen-API] Xen Management API draft
  - From: Jim Fehlig
- Re: [Xen-API] Xen Management API draft
  - From: Daniel P. Berrange
- Re: [Xen-API] Xen Management API draft
  - From: Ewan Mellor
- Re: [Xen-API] Xen Management API draft
  - From: Daniel P. Berrange

Prev by Date: Re: [Xen-API] Xen Management API draft - portability
Next by Date: Re: [Xen-API] Xen Management API draft
Previous by thread: Re: [Xen-API] Xen Management API draft
Next by thread: Re: [Xen-API] Xen Management API draft
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.