> SASL is being supported. > Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth Doesn't SASL only provide an authentication (aka authN) layer? I'm looking for an authorization (aka authZ) layer. I'm using client SSL certs for authN. > I don't know how users will be mapped to domains or if that's been > discussed. > http://libvirt.org/formatdomain.html I am happy to provide the user to domain map outside of libvirt. I mainly want libvirt to provide a way to enforce such relationships, and limit the management features for TLS/TCP connections. > But http://libvirt.org/auth.html does mention how to auth users to > libirtd in general. Again this appears to focus on authN (with the exception of PolicyKit which provides both). I'm not sure PolicyKit will work with TLS/TCP connections since it appears to target unix sockets only (ie local users). Scott -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list