From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michal Novotny <minovotn@redhat.com>
Subject: Re: kerberos support for XCP
Date: Wed, 23 Jun 2010 15:33:23 +0200
Message-ID: <4C220D23.3020106@redhat.com>
References: <293861277294239@web14.yandex.ru>
	<AANLkTileExP76rv5yA5cmJ-q555PN8XHed73eo1MQ-vr@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <AANLkTileExP76rv5yA5cmJ-q555PN8XHed73eo1MQ-vr@mail.gmail.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: admin@dmarkey.com
Cc: xen-devel@lists.xensource.com, George Shuklin <nge@narod.ru>
List-Id: xen-devel@lists.xenproject.org

I think that George is thinking about implementing krb5 (Kerberos) 
mechanism for Xen host authorization directly into the XCP platform, 
i.e. the kerberos credentials (obtained by kinit) could be useful when 
the company is using one kerberos server infrastructure which means the 
one-password infrastructure and they can be using it for various 
authorizations when the ticket is already obtained and it could be 
useful for e.g. accessing websites, accessing some intranet tools as 
well as this is the request to implement it into the Xen infrastructure 
so the ticket could be used for everything in their company/network 
until the ticket expires.

Michal

On 06/23/2010 03:25 PM, David Markey wrote:
> Do you mean via ssh, or via OpenXenCenter?
>
> On 23 June 2010 12:57, George Shuklin <nge@narod.ru 
> <mailto:nge@narod.ru>> wrote:
>
>     Good day.
>
>     I was thinking, is it possible to add kerberos support to XCP? By
>     Kerberos mechanism, all hosts can trust each other without
>     passwords (for example, by using xcp/host@realm principals), and
>     nfs4 identification will be possible...
>     --
>     wBR,George.
>
>     _______________________________________________
>     Xen-devel mailing list
>     Xen-devel@lists.xensource.com <mailto:Xen-devel@lists.xensource.com>
>     http://lists.xensource.com/xen-devel
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>    


-- 
Michal Novotny<minovotn@redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat