WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-api

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-API] Use of PAM

from [Ewan Mellor] [Permanent Link][Original]
To: John Levon <john.levon@xxxxxxx>
Subject: Re: [Xen-API] Use of PAM
From: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Date: Wed, 7 Feb 2007 09:22:59 +0000
Cc: xen-api@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 07 Feb 2007 01:27:10 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070206202913.GA18207@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
References: <20070205022854.GA16267@xxxxxxxxxxxxxxxxx> <20070206155859.GM6150@xxxxxxxxxxxxxxxxxxxxxx> <20070206202913.GA18207@xxxxxxxxxxxxxxxxx>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i 
On Tue, Feb 06, 2007 at 08:29:13PM +0000, John Levon wrote:

> I suppose I don't quite understand what the PAM usage in xend is for then. It
> can't provide any additional security (since we must gate users at the point 
> of
> access over a secure transport). Obviously you'd like 'username' so that later
> auditing features can use it, but surely it's the responsibility of the secure
> transport to provide that and make sure it's authorized anyway.

Your secure transport might not have any per-user authentication.  It would
not be unreasonable to use SSL without client certificates, for example.

Ewan.

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-API] Use of PAM, John Levon
Next by Date:  [Xen-API] reusing a session after an error from xend, Stefan Berger
Previous by Thread:  Re: [Xen-API] Use of PAM, John Levon
Next by Thread:  [Xen-API] reusing a session after an error from xend, Stefan Berger
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy