On Mon, 2011-01-03 at 09:19 -0500, Stefan Berger wrote: > One issue is probably around migration and the server > (qemu-referenced) x509 certificates. If the certificates are embedded > (rather than referenced) in the domain XML they will automatically > migrate when the VM migrates, which is desirable. Otherwise migration > becomes (again) problematic and layers above libvirt would have to > take care of their migration. > > > The VNC session will still be lost due to the change of host and thus > the IP address and the client user will need to learn about the new > VNC port as well. Don't you have the same problem at the moment with the existing per Host SASL authentication? I was more concerned with adding access list filters to the individual VMs after the authentication has happened. And surely those would migrate since they are contained within the configuration of the running process? I wasn't thinking of touching the authentication layer at all, more adding an authorization filter layer. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list