This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-API] Xen Management API draft

To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: Re: [Xen-API] Xen Management API draft
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Mon, 26 Jun 2006 13:33:15 -0500
Cc: Xen-API <xen-api@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 26 Jun 2006 11:33:31 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060626154157.GE30083@xxxxxxxxxx>
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
References: <20060622170130.GI25606@xxxxxxxxxxxxxxxxxxxxxx> <449C7DB8.4000504@xxxxxxxxxx> <20060625154903.GC30399@xxxxxxxxxx> <20060626151239.GB9884@xxxxxxxxxxxxxxxxxxxxxx> <20060626154157.GE30083@xxxxxxxxxx>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20060615)
Daniel P. Berrange wrote:
On Mon, Jun 26, 2006 at 04:12:39PM +0100, Ewan Mellor wrote:
On Sun, Jun 25, 2006 at 04:49:03PM +0100, Daniel P. Berrange wrote:
 * What is the motivation for implementing an explicit login_with_password
   method rather than utilizing the existing HTTP authentication protocols ?
We discussed this on xen-devel last week -- HTTP auth doesn't seem to be
widely supported, so we didn't want to rely upon it.  Also, this way we can
use the XML-RPC over something other than HTTP (such as a raw unix domain

Nothing about our XML-RPC interfaces is widely supported. We're talking about requiring per-call wrappers because of implicit typing? We're talking about lots of code in the bindings. A little more isn't going to hurt.

What would be involved in making this work?  The username / password is
already a step up for Xen -- how complicated is SASL or similar?

I'm not familiar enough with it to give any estimates on work involved, but
it would definitely be more complex than user/password, however, this is to
be expected given the much broader capabilities. There's fairly comprehensive
docs in the Cyrus SASL source distribution, for example,

I can speak from experience dealing with SASL. It's quite a nightmare to get right. What complicates matters is the fact that the two difference kerberos libraries out there provide differing interfaces and I believe it is still the case that SuSE/RedHat ship different kerberoses.

XML-RPC over SSH would solve this general problem as PAM integrates quite nicely with any existing single sign-on.

BTW: I'm just getting to this mail from last week so I'll be responding a bit out of order. Sorry.


Anthony Liguori


Another possibility would be to integrate with PAM, fully supporting the
conversation function callbacks


xen-api mailing list