Now that libvirt 0.4.0 is available, it is possible to do authentication
against PolicyKit and SASL. The latter gives Kerberos, PAM and Username
& passord based auth, and whatever else SASL supports. Of course some of
these methods require prompting for passwords, so this needs support in
client apps using libvirt. The changes I've just pushed to virt-manager
provide UI to let us prompt for usernames & passwords if the remote libvirt
server requests them. So we should now be able to handle any auth type
that libvirt offers.

Currently it'll always prompt each time you connect if the server needs
authentication, so we may wish to do further work to integrate with the
gnome-keyring to (optionally) save usernames/passwords.

Personally I use Kerberos authentication - Free IPA (www.freeipa.org)
makes it very easy to get a kerberos server up & running on your LAN.
If you make your desktop authenticate against kerberos, and turn on
kerberos in your libvirt servers, then you get automatic single-sign-on
between virt-manager & libvirt servers, no passwords required post-login.

Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools