author | Ewan Mellor <ewan@xensource.com> | 2006-11-28 11:31:46 +0000 |
---|---|---|
committer | Ewan Mellor <ewan@xensource.com> | 2006-11-28 11:31:46 +0000 |
commit | 2e873d3d17a6853c8a29af7a7255abfafd96bef6 (patch) | |
tree | f4a33dbe8755ccf87942ac8ab9b69240f8bb3801 /tools/examples/xend-config.sxp | |
parent | 46873848fbca95a815ec446900e3ccdfe299beab (diff) | |
Added configuration for authentication through Xen-API -- it can now be set
to use PAM, or to be turned off entirely, on a listener by listener basis.
Listen on a different unix domain socket for the Xen-API server, so that it
can co-exist with the others.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
Diffstat (limited to 'tools/examples/xend-config.sxp')
-rw-r--r-- | tools/examples/xend-config.sxp | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp index 79768c74eb..71d30bceb9 100644 --- a/tools/examples/xend-config.sxp +++ b/tools/examples/xend-config.sxp 
@@ -14,32 +14,42 @@ #(logfile /var/log/xen/xend.log) #(loglevel DEBUG) -# The Xen-API server configuration. (Please note that this server is available -# as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied upon). + +# The Xen-API server configuration. (Please note that this server is +# available as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied +# upon). # # This value configures the ports, interfaces, and access controls for the # Xen-API server. Each entry in the list starts with either unix, a port # number, or an address:port pair. If this is "unix", then a UDP socket is # opened, and this entry applies to that. If it is a port, then Xend will -# listen on all interfaces on that TCP port, and if it is an address:port pair, -# then Xend will listen on the specified port, using the interface with the -# specified address. +# listen on all interfaces on that TCP port, and if it is an address:port +# pair, then Xend will listen on the specified port, using the interface with +# the specified address. +# +# The subsequent string configures the user-based access control for the +# listener in question. This can be one of "none" or "pam", indicating either +# that users should be allowed access unconditionally, or that the local +# Pluggable Authentication Modules configuration should be used. If this +# string is missing or empty, then "pam" is used. # -# The subsequent string gives the access control for the listener in question. -# If this is missing or empty, then all connections are accepted. -# Otherwise, this should be a space-separated sequence of regular expressions; -# any host with a fully-qualified domain name or an IP address that matches one -# of these regular expressions will be accepted. +# The final string gives the host-based access control for that listener. If +# this is missing or empty, then all connections are accepted. 
Otherwise, +# this should be a space-separated sequence of regular expressions; any host +# with a fully-qualified domain name or an IP address that matches one of +# these regular expressions will be accepted. # -# Example: +# Example: listen on TCP port 9363 on all interfaces, accepting connections +# only from machines in example.com or localhost, and allow access through +# the unix domain socket unconditionally: # -# Listen on TCP port 9363 on all interfaces, accepting connections only from -# machines in example.com or localhost. -# (xen-api-server ((9363 '^localhost$ example\\.com$'))) +# (xen-api-server ((9363 pam '^localhost$ example\\.com$') +# (unix none))) # # Default: # (xen-api-server ((unix))) + #(xend-http-server no) #(xend-unix-server no) #(xend-tcp-xmlrpc-server no) |
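
Review bot: the new user-based access control string is positional, so by the description in the xen-api-server comment an existing entry in the old two-element form, such as the removed example (9363 '^localhost$ example\\.com$'), now has its host regex sitting in the slot documented as "none" or "pam". The comment should say what happens when that string is neither of the two values, and state that a host list can only be given after an explicit auth value. In the same comment block, the unchanged line still says that "unix" opens a UDP socket, while the commit message and the new example both refer to a unix domain socket; that is worth correcting while the text is being rewrapped. The Default line also stays (xen-api-server ((unix))), which under the new "missing or empty means pam" rule is PAM on the unix socket, whereas the example shows (unix none); a sentence making that difference explicit would help anyone copying the example, since "none" allows access unconditionally on that listener.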