On Wed, Jul 09, 2008 at 07:18:32AM -0700, Michael March wrote:
>
> >On Wed, Jul 09, 2008 at 06:57:11AM -0700, Michael March wrote:
> >
> >>This might not be the 'right way' but here is how I handled
> >>communication to each Xen instance my web interface is managing. I used
> >>the ssh style connect string.. even if it was a local instance.. here is
> >>a line ripped right from my code:
> >>
> >>server_list={"michael":['127.0.0.1',""], "tito":['192.168.101.5',""],
> >>"jermaine":['192.168.101.6',""}
> >>
> >>.. then later in my code...
> >>
> >>for server in server_list:
> >> server_list[server][1] =
> >>libvirt.open('xen+ssh://root@'+server_list[server][0]+'/')
> >>
> >
> >I wouldn't recommend using the SSH transport for serious management
> >tools. If you want a simple username/password based auth scheme which
> >is trivial to setup, then the Digest-MD5 scheme is best bet. The
> >SSH tunnel capability is handy for ad-hoc sysadmin work, but it suffers
> >from having a high initial connection overhead and poor diagnostics
> >when things go wrong.
> >
> >Digest-MD5 is easy to setup, only requiring you to create a user on each
> >managed node which your app will authenticate as:
> >
> > http://libvirt.org/auth.html#ACL_server_username
> >
>
> When I looked at this it *seemed* you had to embed the username and
> password someplace in your code or a config file... did I get the wrong
> impression?
That is correct - you'll need to store the password somewhere in your
client app. I'd recommend keeping it in a file and then using UNIX file
permissions to ensure only your app can read the file.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list