WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] kerberos support for XCP

To: admin@xxxxxxxxxxx
Subject: Re: [Xen-devel] kerberos support for XCP
From: Michal Novotny <minovotn@xxxxxxxxxx>
Date: Wed, 23 Jun 2010 15:33:23 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, George Shuklin <nge@xxxxxxxx>
Delivery-date: Wed, 23 Jun 2010 06:35:29 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AANLkTileExP76rv5yA5cmJ-q555PN8XHed73eo1MQ-vr@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <293861277294239@xxxxxxxxxxxxxxx> <AANLkTileExP76rv5yA5cmJ-q555PN8XHed73eo1MQ-vr@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-3.fc13 Thunderbird/3.0.4
I think that George is thinking about implementing krb5 (Kerberos) mechanism for Xen host authorization directly into the XCP platform, i.e. the kerberos credentials (obtained by kinit) could be useful when the company is using one kerberos server infrastructure which means the one-password infrastructure and they can be using it for various authorizations when the ticket is already obtained and it could be useful for e.g. accessing websites, accessing some intranet tools as well as this is the request to implement it into the Xen infrastructure so the ticket could be used for everything in their company/network until the ticket expires.

Michal

On 06/23/2010 03:25 PM, David Markey wrote:
Do you mean via ssh, or via OpenXenCenter?

On 23 June 2010 12:57, George Shuklin <nge@xxxxxxxx <mailto:nge@xxxxxxxx>> wrote:

    Good day.

    I was thinking, is it possible to add kerberos support to XCP? By
    Kerberos mechanism, all hosts can trust each other without
    passwords (for example, by using xcp/host@realm principals), and
    nfs4 identification will be possible...
    --
    wBR,George.

    _______________________________________________
    Xen-devel mailing list
    Xen-devel@xxxxxxxxxxxxxxxxxxx <mailto:Xen-devel@xxxxxxxxxxxxxxxxxxx>
    http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


--
Michal Novotny<minovotn@xxxxxxxxxx>, RHCE
Virtualization Team (xen userspace), Red Hat


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>