From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1JBYcH-0001Wu-Fu for qemu-devel@nongnu.org; Sun, 06 Jan 2008 11:44:53 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1JBYcE-0001RG-TT for qemu-devel@nongnu.org; Sun, 06 Jan 2008 11:44:52 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JBYcE-0001Qg-6p for qemu-devel@nongnu.org; Sun, 06 Jan 2008 11:44:50 -0500 Received: from mx1.redhat.com ([66.187.233.31]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1JBYcD-0003kW-PT for qemu-devel@nongnu.org; Sun, 06 Jan 2008 11:44:50 -0500 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m06Gihkt024388 for ; Sun, 6 Jan 2008 11:44:44 -0500 Received: from file.surrey.redhat.com (file.fab.redhat.com [10.33.63.6]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m06Gih9i019093 for ; Sun, 6 Jan 2008 11:44:43 -0500 Received: (from berrange@localhost) by file.surrey.redhat.com (8.13.1/8.13.1/Submit) id m06GigVB022633 for qemu-devel@nongnu.org; Sun, 6 Jan 2008 16:44:42 GMT Date: Sun, 6 Jan 2008 16:44:42 +0000 From: "Daniel P. Berrange" Subject: Re: [Qemu-devel] [PATCH] Let user set vnc password from command line or file Message-ID: <20080106164442.GA21083@redhat.com> References: <4780B166.6010701@tiscali.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4780B166.6010701@tiscali.it> Reply-To: "Daniel P. Berrange" , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org On Sun, Jan 06, 2008 at 11:45:58AM +0100, Leandro Dardini wrote: > Here is a little patch to let the user specify the vnc server password > in the command line (yes, it is visible with the ps command) or via an > external file (better choice). This adds two new arguments, > -vnc-password and -vnc-password-file. The file containing the vnc > password is in clear. Providing a password which is clearly visible on the command line to all users of a machine is unacceptable. This capability was *explicitly* left out when I did the original VNC password support in QEMU. Providing a password via a file is reasonable, but this should be made more general than just VNC. QCow2 disks files can be encrypted and require passwords too. So I think it'd be more useful to have a '-passwd-file file' arg, and in that file have 1 line per (device, password) pair. eg Assuming use of VNC, and 2 qcow encrypted disks one might have: vnc: 123456 hda: mysecret hdb: othersecret Perhaps 'hda' should be the more general syntax used by the -drive param instead, or even the qcow file name... Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|