On Sun, Mar 22, 2009 at 12:13:26PM -0700, Scott Beardsley wrote: > > > SASL is being supported. > > Check out http://fedoraproject.org/wiki/Features/VirtVNCAuth > > Doesn't SASL only provide an authentication (aka authN) layer? I'm > looking for an authorization (aka authZ) layer. I'm using client SSL > certs for authN. That is correct. libvirtd currently provides TLS and SASL for their encryption and authentication capabilities. Fine grained access control is a TODO item... > Again this appears to focus on authN (with the exception of PolicyKit > which provides both). I'm not sure PolicyKit will work with TLS/TCP > connections since it appears to target unix sockets only (ie local users). That is correct, PolicyKit is for UNIX domain sockets only. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list