WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend

from [Anil Madhavapeddy]

[Permanent Link][Original]

To:	Daniel Veillard <veillard@xxxxxxxxxx>
Subject:	Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend
From:	Anil Madhavapeddy <anil@xxxxxxxxxx>
Date:	Fri, 9 Jun 2006 09:54:44 +0100
Cc:	xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ewan Mellor <ewan@xxxxxxxxxxxxx>
Delivery-date:	Fri, 09 Jun 2006 01:55:01 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<20060609084147.GH31509@xxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<4488D93D.7070303@xxxxxxxxxx> <20060609083434.GA19035@xxxxxxxxxxxxxxx> <20060609084147.GH31509@xxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.11

On Fri, Jun 09, 2006 at 04:41:48AM -0400, Daniel Veillard wrote:
> 
>    SSH authentication is really expensive especially when you compare to
> other cost in the XML-RPC. I would really like some persistency
> of the connection if possible, especially for operations like monitoring,
> it's okay to reopen from time to time, but without reuse it would just not
> work.

Yes, but the right place to do it is not in Xend.  The auth caching
can be set up outside of Xend much more robustly depending on your
version of OpenSSH.  If done in Xend, then it definitely needs to
use the wildcard support in ControlPath to avoid the authentication
race condition, and an OpenSSH version check.

As Ian says, stunnel/SSL is probably easier from the client's point
of view (although I do like the easier SSH key management this patch
allows).

Anil

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Matthew Palmer Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anil Madhavapeddy Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Daniel Veillard Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anil Madhavapeddy <= [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori Re: [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Daniel Veillard [Xen-devel] Re: Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor RE: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Ian Pratt Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor

Previous by Date:	[Xen-devel] grant table issue, Xin Zhao
Next by Date:	Re: [Xen-devel] grant table issue, Keir Fraser
Previous by Thread:	Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Daniel Veillard
Next by Thread:	[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix