WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend

from [Ian Pratt] [Permanent Link][Original]
To: "Anthony Liguori" <aliguori@xxxxxxxxxx>, "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 09:10:22 +0100
Cc: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Delivery-date: Fri, 09 Jun 2006 01:12:26 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcaLanPeLAuoDX3nSXu+bjLx/FoY9QAMWmYA
Thread-topic: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend 
> The following patch implements a secure XML-RPC protocol for Xend.
> Instead of using HTTPS with basic authentication and dealing with all
> that nasty OpenSSL/PAM integration, it just uses SSH.  This gives you
> all the properties you want (great security and PAM integration) with
> very little code.

I think we just have to bite the bullet on this one. OpenSSL/PAM
integration isn't that hard, and it makes things much cleaner from a
client point of view, which is what really matters.

We can always use "stunnel" to make life easier.

Ian

 
> There are some minor issues so I'd rather it not be applied
> immediately.  I'd like to get some feedback from people as to whether
> this approach is reasonable.  A user-facing change is that now you can
> use the XM_SERVER environmental variable to specific an XML-RPC URI.
> 
> For instance:
> 
> XM_SERVER='ssh://root@xxxxxxxxxxxxxxxxxxxxx/RPC2' xm list
> 
> Runs xm list on a local machine but does all of the RPCs over a secure
> connection (prompting for passwords).
> 
> Thoughts?
> 
> Regards,
> 
> Anthony Liguori
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] ata_piix SATA driver broken under Xen?, Ian Pratt
Next by Date:  Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anil Madhavapeddy
Previous by Thread:  [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor
Next by Thread:  Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy