[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] Xen Management API draft

Daniel P. Berrange wrote:
On Mon, Jun 26, 2006 at 04:12:39PM +0100, Ewan Mellor wrote:
On Sun, Jun 25, 2006 at 04:49:03PM +0100, Daniel P. Berrange wrote:
 * What is the motivation for implementing an explicit login_with_password
   method rather than utilizing the existing HTTP authentication protocols ?
We discussed this on xen-devel last week -- HTTP auth doesn't seem to be
widely supported, so we didn't want to rely upon it.  Also, this way we can
use the XML-RPC over something other than HTTP (such as a raw unix domain

Nothing about our XML-RPC interfaces is widely supported. We're talking about requiring per-call wrappers because of implicit typing? We're talking about lots of code in the bindings. A little more isn't going to hurt.

What would be involved in making this work?  The username / password is
already a step up for Xen -- how complicated is SASL or similar?

I'm not familiar enough with it to give any estimates on work involved, but
it would definitely be more complex than user/password, however, this is to
be expected given the much broader capabilities. There's fairly comprehensive
docs in the Cyrus SASL source distribution, for example,

I can speak from experience dealing with SASL. It's quite a nightmare to get right. What complicates matters is the fact that the two difference kerberos libraries out there provide differing interfaces and I believe it is still the case that SuSE/RedHat ship different kerberoses.

XML-RPC over SSH would solve this general problem as PAM integrates quite nicely with any existing single sign-on.

BTW: I'm just getting to this mail from last week so I'll be responding a bit out of order. Sorry.


Anthony Liguori


Another possibility would be to integrate with PAM, fully supporting the
conversation function callbacks


xen-api mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.