From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anthony Liguori
Subject: Re: [PATCH][Take 2] VNC authentification
Date: Mon, 02 Oct 2006 12:24:36 -0500
Message-ID: <45214B54.8060805@us.ibm.com>
References: <3AAA99889D105740BE010EB6D5A5A3B202A3D2@paddington.ad.cl.cam.ac.uk> <20060929221145.GE8564@redhat.com> <20061002162232.GB1730@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <20061002162232.GB1730@redhat.com>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: "Daniel P. Berrange"
Cc: Ian Pratt, xen-devel@lists.xensource.com, Masami Watanabe
List-Id: xen-devel@lists.xenproject.org

Daniel P. Berrange wrote:
> On Sun, Oct 01, 2006 at 03:53:33AM +0900, Masami Watanabe wrote:
>
>> Hi Dan,
>>
>> I post patch that reflects your point.
>> However, now, I can not use standard VNC clients to server.
>> Therefore, I cannot do final test. It becomes possible on next Tuesday.
>> Please forgive my post, it is current update.
>>
>
> The Python XenD bits of your latest patch all look good to me now - thanks
> for taking time to address the issues.
>
> I've compiled the patches against latest Xen going into Fedora Core 6,
> and the password authentication does appear to be working as expected.
> Only issue was that I forgot the password in the VM config file needed
> to be the base64 encoded, DES-encrypted format - once I sorted that
> out it worked fine.
>
>
>> --- a/tools/examples/xend-config.sxp Wed Sep 27 17:49:22 2006 +0100 >> +++ b/tools/examples/xend-config.sxp Sun Oct 01 02:13:06 2006 +0900
>> @@ -130,3 +130,7 @@ >> >> # The tool used for initiating virtual TPM migration >> #(external-migration-tool '') >> + >> +# The default password for VNC console on HVM domain. >> +# Empty string is no authentication. >> +(vncpasswd '')
>>
>
> We should add a note about this needing to be the base-64 encoded,
> DES encrypted password, rather than plain text.
>

Why even bother encrypting the password? We're using a well known DES
key so there is no security here. A user must still take appropriate
precautions to protect the config files.

In fact, I think munging the password like this gives a false sense of
security.

Regards,

Anthony Liguori
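
Review bot: the comment added above `(vncpasswd '')` in xend-config.sxp does not say what form the value must take or how the file should be protected. Per the discussion in this thread the value is expected base64-encoded and DES-encrypted rather than plain text, and a reviewer tripped over exactly that, so the comment should state the expected format. Since the thread also notes that the DES key is well known, the comment should say that the stored value is not a secret-safe form and that read access to the config file must be restricted. "Empty string is no authentication" would read more clearly as "An empty string disables authentication", and because that is the shipped default the comment should make plain that the example configuration leaves the HVM VNC console unauthenticated.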
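
The point made in the reply above, that the config file itself has to be protected, as an added example (not code from the patch or from Xen): a Python check that flags a config file holding a non-empty `vncpasswd` while group or others can read or write it. The function names, finding codes and sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import sys
import tempfile

# Active (uncommented) S-expression entry, e.g. (vncpasswd 'value').
ENTRY = re.compile(r"""^\s*\(\s*vncpasswd\s+(['"]?)(.*?)\1\s*\)""")

def find_vncpasswd(text):
    """Return the last active vncpasswd value, or None if the key is not set."""
    value = None
    for line in text.splitlines():
        m = ENTRY.match(line)          # lines starting with '#' never match
        if m:
            value = m.group(2)
    return value

def audit(path):
    """Return a list of finding codes (hypothetical names) for one config file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        value = find_vncpasswd(fh.read())
    if value is None:
        return []
    if value == "":
        return ["no-authentication"]   # per the config comment: empty = no auth
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("password-readable-by-group-or-others")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("config-writable-by-group-or-others")
    return findings

def write_sample(directory, name, value, mode):
    """Create a constructed sample config (not a real xend-config.sxp)."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample\n#(vncpasswd 'ignored')\n"
                 "(vncpasswd '%s')\n" % value)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:                      # no arguments: run on constructed samples
        d = tempfile.mkdtemp()
        paths = [write_sample(d, "open.sxp", "PLACEHOLDER", 0o644),
                 write_sample(d, "tight.sxp", "PLACEHOLDER", 0o600),
                 write_sample(d, "empty.sxp", "", 0o600)]
    for p in paths:
        print(p, audit(p) or "ok")
```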