From: "Daniel P. Berrange" <berrange@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 0/6] vnc: add support for multiple vnc server instances.
Date: Wed, 15 Oct 2014 13:51:47 +0100
Message-ID: <20141015125147.GC3741@redhat.com>
In-Reply-To: <1413375585-20301-1-git-send-email-kraxel@redhat.com>

On Wed, Oct 15, 2014 at 02:19:39PM +0200, Gerd Hoffmann wrote:
>   Hi,
> 
> This patch series adds support for multiple vnc server instances to
> qemu.  This comes handy in multiseat configurations as you can have
> one vnc server for each set then.
> 
> Some cleanups along the way (use QemuOpts).  Also added support for
> limiting the number of parallel vnc connections.
> 
> To be done: monitor support.  I think the best way to handle this is to
> introduce a new command to query vnc server state, which returns a list
> of vnc servers but otherwise works like "query-vnc".  Alternative
> approach would be to add an optional 'id=' parameter to query-vnc, but
> then you'll need a new list-vnc command.
> 
> Opinions on this?
> 
> set_password and expire_password commands should be easy, they can be
> extended with an optional 'id=' parameter.

In any serious deployment password auth won't be something that's used
due to its horrific insecurity. For TLS/SASL authentication protocols
we currently have a single access control list defined

   qemu_acl_init("vnc.x509dname")   (validates x509 certificate)
   qemu_acl_init("vnc.username")    (validates SASL user name)

I think we are going to need to make one ACL list per seat. eg

   qemu_acl_init("vnc.x509dname")   (validates x509 certificate on seat 0)
   qemu_acl_init("vnc.username")    (validates SASL user name on seat 0)

   qemu_acl_init("vnc.x509dname.1")   (validates x509 certificate on seat 1)
   qemu_acl_init("vnc.username.1")    (validates SASL user name on seat 1)

   qemu_acl_init("vnc.x509dname.2")   (validates x509 certificate on seat 2)
   qemu_acl_init("vnc.username.2")    (validates SASL user name on seat 2)

Note, not changing the first ACL names for compat reasons.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
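
The per-seat ACL naming proposed in the message above, sketched in C as an added example (not QEMU code and not part of the original email). `acl_name_for_seat`, `acl_allow` and `acl_check` are hypothetical helpers standing in for the named lists that `qemu_acl_init()` would create; the seat-index suffix and the unsuffixed seat 0 name follow the message's proposal.

```c
#include <stdio.h>
#include <string.h>
enum { MAX_ACLS = 8, MAX_IDS = 4, NAME_LEN = 32 };
/* Hypothetical stand-in for one named ACL; not QEMU's own ACL type. */
struct seat_acl { char name[NAME_LEN]; const char *ids[MAX_IDS]; int n; };
static struct seat_acl acls[MAX_ACLS];
static int n_acls;

/* Seat 0 keeps the legacy name; seat N > 0 gets a ".N" suffix. */
int acl_name_for_seat(const char *base, unsigned seat, char *out, size_t len)
{
    int n = seat ? snprintf(out, len, "%s.%u", base, seat)
                 : snprintf(out, len, "%s", base);
    return (n < 0 || (size_t)n >= len) ? -1 : 0; /* refuse truncated names */
}

/* Look up a seat's list by its derived name; optionally create it. */
static struct seat_acl *acl_get(const char *base, unsigned seat, int create)
{
    char name[NAME_LEN];
    if (acl_name_for_seat(base, seat, name, sizeof(name)) < 0)
        return NULL;
    for (int i = 0; i < n_acls; i++)
        if (strcmp(acls[i].name, name) == 0)
            return &acls[i];
    if (!create || n_acls == MAX_ACLS)
        return NULL;
    strcpy(acls[n_acls].name, name);
    return &acls[n_acls++];
}

/* Permit an identity (x509 DN or SASL user name) on one seat only.
 * The pointer is stored, not copied, so it must outlive the list. */
int acl_allow(const char *base, unsigned seat, const char *identity)
{
    struct seat_acl *a = acl_get(base, seat, 1);
    if (!a || a->n == MAX_IDS)
        return -1;
    a->ids[a->n++] = identity;
    return 0;
}

/* Default deny: no list for the seat, or no matching entry, means reject. */
int acl_check(const char *base, unsigned seat, const char *identity)
{
    struct seat_acl *a = acl_get(base, seat, 0);
    for (int i = 0; a && i < a->n; i++)
        if (strcmp(a->ids[i], identity) == 0)
            return 1;
    return 0;
}
```

With one list per seat, an identity permitted on seat 0 is not implicitly accepted on seat 1, and a seat with no list configured rejects everyone.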
