Now that libvirt 0.4.0 is available, it is possible to do authentication against PolicyKit and SASL. The latter gives Kerberos, PAM and Username & passord based auth, and whatever else SASL supports. Of course some of these methods require prompting for passwords, so this needs support in client apps using libvirt. The changes I've just pushed to virt-manager provide UI to let us prompt for usernames & passwords if the remote libvirt server requests them. So we should now be able to handle any auth type that libvirt offers. Currently it'll always prompt each time you connect if the server needs authentication, so we may wish to do further work to integrate with the gnome-keyring to (optionally) save usernames/passwords. Personally I use Kerberos authentication - Free IPA (www.freeipa.org) makes it very easy to get a kerberos server up & running on your LAN. If you make your desktop authenticate against kerberos, and turn on kerberos in your libvirt servers, then you get automatic single-sign-on between virt-manager & libvirt servers, no passwords required post-login. Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| _______________________________________________ et-mgmt-tools mailing list et-mgmt-tools@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/et-mgmt-tools
