From: "Daniel P. Berrange" <berrange@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org, Dan Kenigsberg <danken@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] let management expire vnc password
Date: Fri, 2 Oct 2009 10:58:37 +0100
Message-ID: <20091002095837.GB21416@redhat.com>
In-Reply-To: <4AC3C798.2090703@codemonkey.ws>
On Wed, Sep 30, 2009 at 04:03:20PM -0500, Anthony Liguori wrote:
> Dan Kenigsberg wrote:
> >The rationale is central management of access to virtual machines.
> >
> >Normally, no vnc access to VMs is allowed. A user with enough
> >credentials may request the management tool for a short-lived
> >"ticket" to connect to a VM. If the user uses it, great. But after the
> >ticket expires, no further connections are allowed.
> >
>
> Couldn't you implement the same feature with an IP tables rule (prevent
> new connections from being established)?
>
> I'm not convinced this functionality is very useful generally so I think
> I'd prefer not to merge it.
I think it is a pretty valid use case, though I don't like the proposed
implementation. In essence it is implementing one-time passwords instead
of multi-use passwords, and both of those are reasonable concepts. Having
to implement one-time passwords using multi-use passwords + iptables is
a really bad, over-complicated hack, particularly considering how trivial
this is to do in QEMU.
In terms of implementation though, rather than having a separate 'expire_password'
command, I think it would be preferable to have alternative syntax for
setting the initial credentials:
change vnc passwd (for multi-use passwords)
change vnc otp (for single-use passwords)
Or, extend the existing 'change vnc passwd' command to allow optional
flags as a 4th argument:
change vnc passwd otp
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
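The distinction Daniel draws between a multi-use password and a one-time password is easy to see in code. The following is an added example, not QEMU's VNC code or the patch under discussion: it models the credential lifecycle only (the real VNC protocol uses a challenge-response rather than sending the password), with hypothetical names such as vnc_cred_set, vnc_cred_check and vnc_cred_expire. A one-time credential is wiped the moment it is accepted, so a second connection with the same ticket is refused without any firewall rule; a multi-use credential stays valid until explicitly expired.

```c
/* Added example (not QEMU code): a minimal credential store modelling the
 * two modes discussed in the thread. Names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VNC_PW_MAX 64

enum vnc_cred_mode {
    VNC_CRED_NONE,      /* no password set: every connection is refused */
    VNC_CRED_MULTI_USE, /* "change vnc passwd" in the thread */
    VNC_CRED_ONE_TIME   /* "change vnc otp": consumed by the first success */
};

struct vnc_cred {
    enum vnc_cred_mode mode;
    char secret[VNC_PW_MAX]; /* zero-padded so compares are fixed length */
};

/* Compare two fixed-size buffers without stopping at the first mismatch,
 * so the time taken does not leak how much of the password matched. */
static int vnc_cred_ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Install a credential. Returns 0 on success, -1 if pw is too long. */
int vnc_cred_set(struct vnc_cred *c, const char *pw, enum vnc_cred_mode mode)
{
    size_t len = strlen(pw);
    if (len >= VNC_PW_MAX)
        return -1;
    memset(c->secret, 0, sizeof c->secret);
    memcpy(c->secret, pw, len);
    c->mode = mode;
    return 0;
}

/* Explicitly revoke the credential (what a separate expire command would do). */
void vnc_cred_expire(struct vnc_cred *c)
{
    memset(c->secret, 0, sizeof c->secret);
    c->mode = VNC_CRED_NONE;
}

/* Check a client's attempt. Returns 1 if accepted, 0 otherwise.
 * A one-time credential is expired as soon as it is accepted. */
int vnc_cred_check(struct vnc_cred *c, const char *attempt)
{
    char buf[VNC_PW_MAX] = {0};
    size_t len = strlen(attempt);

    if (c->mode == VNC_CRED_NONE || len >= VNC_PW_MAX)
        return 0;
    memcpy(buf, attempt, len);
    if (!vnc_cred_ct_equal(buf, c->secret, VNC_PW_MAX))
        return 0;
    if (c->mode == VNC_CRED_ONE_TIME)
        vnc_cred_expire(c); /* ticket consumed: no further connections */
    return 1;
}

int main(void)
{
    struct vnc_cred c = {0};

    vnc_cred_set(&c, "ticket-1", VNC_CRED_ONE_TIME); /* constructed sample */
    printf("otp first use:  %d\n", vnc_cred_check(&c, "ticket-1"));
    printf("otp second use: %d\n", vnc_cred_check(&c, "ticket-1"));

    vnc_cred_set(&c, "s3cret", VNC_CRED_MULTI_USE);
    printf("multi 1st use:  %d\n", vnc_cred_check(&c, "s3cret"));
    printf("multi 2nd use:  %d\n", vnc_cred_check(&c, "s3cret"));
    vnc_cred_expire(&c);
    printf("after expire:   %d\n", vnc_cred_check(&c, "s3cret"));
    return 0;
}
```

The check wipes the secret rather than just flipping a flag, so a later bug that forgets to consult the mode cannot resurrect a consumed ticket; the fixed-length, constant-time compare is the other detail worth keeping whatever the surrounding protocol looks like.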