@gduperrey I thought I had. I was replying to that thread and the forum software prompted me to click to reload. It continued to show the contents of the thread above as I clicked to post my reply, so if it opened a new thread, I count that as a bug in the forum, not user error

@sborrill And for completeness, try pvshim (a.k.a. pv-in-pvh) using xl: Download https://ftp.netbsd.org/pub/NetBSD/NetBSD-10.1/amd64/binary/kernel/netbsd-INSTALL_XEN3_DOMU.gz Create /root/nbpv containing: name = "nbpv" type="pvh" pvshim=1 pvshim_cmdline="pv-shim console=xen pv-linear-pt=true" kernel = "/root/netbsd-INSTALL_XEN3_DOMU.gz" memory = 1024 Boot VM successfully with xl create -c nbpv So pv-in-pvh does work (does require pv-linear-pt=true on shim command line though).

That's because doing a snapshot will have consequences on the SR. That's why we restricted the permissions for doing snapshot.

I actually like the current implementation. I am currently using this setup to allow an admin user to have 2 accounts managed by one authentication back-end. One account is a typical self-service user to consume resources according to ACL/Self-service rule sets The other account is used to manage Admin features like backups and XO settings (environment with multiple admins who also consume resources from a shared pool with other departments/teams) I use separate accounts so when admin users create VMs it can go to the appropriate self-service container. I hope any fixes to address the above concern doesn't completely remote this capability or at least adds another method of achieving this.

@sborrill I have a work-in-progress branch with a plugin for this: https://github.com/vatesfr/xen-orchestra/pull/4701 To test, you will need to checkout this branch, add a symlink to the packages/xo-server-auth-http plugin into the directory xo-server/node_modules and then to configure and unable the plugin from XO. This will make basic authentication available with the path /signin/basic, note that you can make it the default authentication by overriding authentication.defaultSignInPage in your configuration file. julien-f opened this pull request in vatesfr/xen-orchestra open WiP: feat(xo-server): support HTTP basic auth #4701