[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend

> The following patch implements a secure XML-RPC protocol for Xend.
> Instead of using HTTPS with basic authentication and dealing with all
> that nasty OpenSSL/PAM integration, it just uses SSH.  This gives you
> all the properties you want (great security and PAM integration) with
> very little code.

I think we just have to bite the bullet on this one. OpenSSL/PAM
integration isn't that hard, and it makes things much cleaner from a
client point of view, which is what really matters.

We can always use "stunnel" to make life easier.


> There are some minor issues so I'd rather it not be applied
> immediately.  I'd like to get some feedback from people as to whether
> this approach is reasonable.  A user-facing change is that now you can
> use the XM_SERVER environmental variable to specific an XML-RPC URI.
> For instance:
> XM_SERVER='ssh://root@xxxxxxxxxxxxxxxxxxxxx/RPC2' xm list
> Runs xm list on a local machine but does all of the RPCs over a secure
> connection (prompting for passwords).
> Thoughts?
> Regards,
> Anthony Liguori

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.