On Mon, Jun 26, 2006 at 04:12:39PM +0100, Ewan Mellor wrote:
> On Sun, Jun 25, 2006 at 04:49:03PM +0100, Daniel P. Berrange wrote:
> > * What is the motivation for implementing an explicit login_with_password
> > method rather than utilizing the existing HTTP authentication protocols ?
>
> We discussed this on xen-devel last week -- HTTP auth doesn't seem to be
> widely supported, so we didn't want to rely upon it. Also, this way we can
> use the XML-RPC over something other than HTTP (such as a raw unix domain
> socket).
>
> > The proposed login API utilizing a simple username/password pair is quite
> > limiting, preventing the use of any of the more advanced authentication
> > protocols such as challenge/response, public / private key, kerberos
> > ticket passing.
> >
> > The latter would be particularly important if the apps using this API want
> > to integrate with any kind of single sign on system. Perhaps it would be
> > possible to define a more advanced login process which could be backed by
> > something like SASL
> >
> > http://www.ietf.org/rfc/rfc2222.txt
> > http://asg.web.cmu.edu/sasl/
>
> What would be involved in making this work? The username / password is
> already a step up for Xen -- how complicated is SASL or similar?

I'm not familiar enough with it to give any estimates on work involved, but
it would definitely be more complex than user/password, however, this is to
be expected given the much broader capabilities. There's fairly comprehensive
docs in the Cyrus SASL source distribution, for example,

http://www.indelible.org/php/sasl/cyrus-sasl/programming.html

Another possibility would be to integrate with PAM, fully supporting the
conversation function callbacks

Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api
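
The limitation discussed in this thread, as an added example that is not part of the original messages and is not Xen API or Cyrus SASL code: a single username/password call cannot carry a challenge/response mechanism, because the server has to speak first, whereas a start/step exchange covers both. The class, method and mechanism names (`LoginExchange`, `start`, `step`, `HMAC-CHALLENGE`) and the credential store are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed credential store for the demonstration only (hypothetical user).
USERS = {"root": b"example-password"}


class LoginExchange:
    """Server side of a hypothetical multi-step login (not the Xen API)."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # exchange handle -> outstanding server challenge

    def start(self, mechanism, initial=b""):
        """Begin a login; returns (status, data)."""
        if mechanism == "PLAIN":
            # Single round trip, equivalent to a username/password call.
            parts = initial.split(b"\0")  # authzid NUL user NUL password
            if len(parts) != 3:
                return ("fail", None)
            stored = self.users.get(parts[1].decode(), b"")
            ok = bool(stored) and hmac.compare_digest(stored, parts[2])
            return ("ok", parts[1].decode()) if ok else ("fail", None)
        if mechanism == "HMAC-CHALLENGE":
            # The server must speak first, so one call cannot finish the login.
            handle, challenge = secrets.token_hex(8), secrets.token_bytes(16)
            self.pending[handle] = challenge
            return ("continue", (handle, challenge))
        return ("fail", None)

    def step(self, handle, response):
        """Finish a challenge/response login; each challenge is single use."""
        challenge = self.pending.pop(handle, None)
        user, _, digest = response.partition(b" ")
        stored = self.users.get(user.decode(), b"")
        if challenge is None or not stored:
            return ("fail", None)
        expected = hmac.new(stored, challenge, hashlib.sha256).hexdigest().encode()
        ok = hmac.compare_digest(expected, digest)
        return ("ok", user.decode()) if ok else ("fail", None)


def client_response(user, password, challenge):
    """Client proves knowledge of the password without sending it."""
    digest = hmac.new(password, challenge, hashlib.sha256).hexdigest()
    return user.encode() + b" " + digest.encode()
```

Each RPC returns a status plus opaque data, so further mechanisms can be added behind the same two calls without changing the method signatures.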