[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] Use of PAM

To: John Levon <john.levon@xxxxxxx>
From: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Date: Wed, 7 Feb 2007 09:22:59 +0000
Cc: xen-api@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 07 Feb 2007 01:27:10 -0800
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>

On Tue, Feb 06, 2007 at 08:29:13PM +0000, John Levon wrote:

> I suppose I don't quite understand what the PAM usage in xend is for then. It
> can't provide any additional security (since we must gate users at the point 
> of
> access over a secure transport). Obviously you'd like 'username' so that later
> auditing features can use it, but surely it's the responsibility of the secure
> transport to provide that and make sure it's authorized anyway.

Your secure transport might not have any per-user authentication.  It would
not be unreasonable to use SSL without client certificates, for example.

Ewan.

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api

References:
- [Xen-API] Use of PAM
  - From: John Levon
- Re: [Xen-API] Use of PAM
  - From: Ewan Mellor
- Re: [Xen-API] Use of PAM
  - From: John Levon

Prev by Date: Re: [Xen-API] Use of PAM
Next by Date: [Xen-API] reusing a session after an error from xend
Previous by thread: Re: [Xen-API] Use of PAM
Next by thread: [Xen-API] reusing a session after an error from xend
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.