Now that libvirt 0.4.0 is available, it is possible to do authentication
against PolicyKit and SASL. The latter gives Kerberos, PAM and username
& password based auth, and whatever else SASL supports. Of course some of
these methods require prompting for passwords, so this needs support in
client apps using libvirt. The changes I've just pushed to virt-manager
provide UI to let us prompt for usernames & passwords if the remote libvirt
server requests them. So we should now be able to handle any auth type
that libvirt offers.

Currently it'll always prompt each time you connect if the server needs
authentication, so we may wish to do further work to integrate with the
gnome-keyring to (optionally) save usernames/passwords.

Personally I use Kerberos authentication - Free IPA (www.freeipa.org)
makes it very easy to get a Kerberos server up & running on your LAN.
If you make your desktop authenticate against Kerberos, and turn on
Kerberos in your libvirt servers, then you get automatic single-sign-on
between virt-manager & libvirt servers, no passwords required post-login.
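
For client authors: a sketch of the credential callback a libvirt client supplies so the server can ask for a username and password. This is an added example, not virt-manager's code; it assumes the libvirt Python bindings' openAuth(), and make_callback / open_authenticated are hypothetical names.

```python
import getpass

# Values of libvirt's virConnectCredentialType enum (libvirt.VIR_CRED_*),
# repeated here so the callback can be exercised without libvirt installed.
VIR_CRED_AUTHNAME = 2
VIR_CRED_PASSPHRASE = 5
VIR_CRED_ECHOPROMPT = 6
VIR_CRED_NOECHOPROMPT = 7

ECHO = {VIR_CRED_AUTHNAME, VIR_CRED_ECHOPROMPT}          # safe to show on screen
NOECHO = {VIR_CRED_PASSPHRASE, VIR_CRED_NOECHOPROMPT}    # must not be echoed


def make_callback(ask=input, ask_secret=getpass.getpass):
    """Build a credential callback; the prompt functions are injectable."""
    def request_credentials(credentials, user_data):
        # Each entry is [type, prompt, challenge, default, result];
        # the client fills in slot 4 and returns 0, or -1 to abort.
        for cred in credentials:
            ctype, prompt, default = cred[0], cred[1], cred[3]
            if ctype in ECHO:
                label = f"{prompt} [{default}]: " if default else f"{prompt}: "
                cred[4] = ask(label) or default
            elif ctype in NOECHO:
                # Secrets are read without echo and never stored or logged here.
                cred[4] = ask_secret(f"{prompt}: ")
            else:
                return -1  # fail closed on a credential type we cannot collect
            if not cred[4]:
                return -1  # empty answer: abort rather than send a blank
        return 0
    return request_credentials


def open_authenticated(uri):
    """Open a connection, prompting only if the server asks for credentials."""
    import libvirt  # imported lazily; needs the libvirt Python bindings
    auth = [[VIR_CRED_AUTHNAME, VIR_CRED_PASSPHRASE], make_callback(), None]
    return libvirt.openAuth(uri, auth, 0)
```

With Kerberos single-sign-on the callback is not expected to run at all, since there is nothing to prompt for.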