From: "Daniel P. Berrange" <berrange@redhat.com>
To: "Pasi Kärkkäinen" <pasik@iki.fi>
Cc: xen-devel@lists.xensource.com
Subject: Re: PATCH: 3/4: Add VNC auth support from upstream QEMU
Date: Tue, 30 Oct 2007 13:31:23 +0000 [thread overview]
Message-ID: <20071030133123.GA30487@redhat.com> (raw)
In-Reply-To: <20071030075359.GD5028@edu.joroinen.fi>
On Tue, Oct 30, 2007 at 09:53:59AM +0200, Pasi K?rkk?inen wrote:
> On Mon, Oct 29, 2007 at 09:52:47PM +0000, Daniel P. Berrange wrote:
> > This patch adds in the upstream QEMU VNC authentication code. This spports the previous
> > VNC password auth scheme, as well as the VeNCrypt protocol extenion. The latter allows
> > for performing a TLS handshake, and client verification of the server identify using
> > x509 certificates. It is also possible for the server to request a client certificate
> > and validate that as a simple auth scheme. The code depends on GNU TLS for SSL APIs,
> > and the configure script will auto-detect this.
>
> Might be a stupid question as I don't know what upstream QEMU VNC supports,
> but would it make sense to add user+pass authentication support (via pam) ?
This does not make much if any sense. There is no sensible mapping between
host user accounts & guest virtual machine console access. If one were to
add any further authentication to VNC, then it should be SASL based.
> UltraVNC supports this, at least against Windows/AD users.
That makes sense for UltraVNC because it is exposing the Windows desktop
sessions for users. It does not make sense for QEMU because we're not
exposing any sessions associated with host users.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
next prev parent reply other threads:[~2007-10-30 13:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-29 21:48 PATCH: 0/4: TLS encryption and x509 authentication for VNC Daniel P. Berrange
2007-10-29 21:51 ` PATCH: 1/4: QEMU event handler bug fix Daniel P. Berrange
2007-10-29 21:51 ` PATCH: 2/4: Revert current VNC auth support Daniel P. Berrange
2007-10-29 21:52 ` PATCH: 3/4: Add VNC auth support from upstream QEMU Daniel P. Berrange
2007-10-30 7:53 ` Pasi Kärkkäinen
2007-10-30 13:31 ` Daniel P. Berrange [this message]
2007-10-29 21:53 ` PATCH: 4/4: XenD config for VNC TLS protocol Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071030133123.GA30487@redhat.com \
--to=berrange@redhat.com \
--cc=pasik@iki.fi \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.