Re: [Xen-devel] 3.0.5 and Xen API security
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/20/2007 01:22:45 PM:

> On Fri, Apr 20, 2007 at 05:20:15PM +0100, John Levon wrote:
> >
> > I talked with Ewan about this a little bit, but thinking some more it
> > seems like we really need to resolve this before 3.0.5.
> >
> > We need to change xend to use the 'xend' service, and deliver an
> > /etc/pam.d/xend file. Since there is no infrastructure yet for deciding
> > if a user can control xend, it seems like this should always refuse
> > authentication unless the certificate stuff has verified correctly. Or
> > at least we must actively disable connections except over the unix
> > socket or authenticated SSL.
>
> The question when using PAM is really what user database are we authenticating
> against? Do we auth against 'root', or any local user, or a completely
> separate list of users. I'd really imagine the latter, since places may
> well want to separate the general sysadmin role, from the XenD management
> roles.

The xen-api has a class user that probably was meant for this purpose.
There could be a 'sysadmin' user with a default password or the root
password preinstalled on a system. It looks like the record of a user
should be extended with a (write-only) password field and maybe a
change_password() method.

   Stefan

>
> Dan.
> --
> |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
> |=- Perl modules: http://search.cpan.org/~danberr/ -=|
> |=- Projects: http://freshmeat.net/~danielpb/ -=|
> |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel