From: Anthony Liguori <anthony@codemonkey.ws>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Re: [RFC 0/7]: Add VNC connect/disconnect events
Date: Tue, 12 Jan 2010 16:28:46 -0600 [thread overview]
Message-ID: <4B4CF79E.5080604@codemonkey.ws> (raw)
In-Reply-To: <20100112192854.546aa02a@doriath>
[-- Attachment #1: Type: text/plain, Size: 2041 bytes --]
On 01/12/2010 03:28 PM, Luiz Capitulino wrote:
> On Mon, 11 Jan 2010 13:55:19 +0000
> "Daniel P. Berrange"<berrange@redhat.com> wrote:
>
>
>> So perhaps we should declare that the lifecycle is
>>
>> - CONNECT (provide IP / port details)
>> - AUTHENTICATED (provide IP / port details + authenticated ID details
>> eg x509 dname, or SASL usernsmae)
>> - DISCONNECT (provide IP / port details)
>>
>>
>> Obviously AUTHENTICATED may be optional if the client goes away
>> immedaitely before trying auth. The AUTHENTICATED event probably
>> also ought to allow for an indication of success vs failure so
>> the app can see failed login attempts
>>
> I'm having an issue with the reporting of failure.
>
> Turns out we can have a few error conditions on login and they are
> auth mechanism dependent. Also, as I'm not familiar with the code,
> it's not always easy to get the ID information on failures.
>
> So, what is simple to do is to have an event called VNC_AUTHENTICATION,
> it will have a 'authenticated' key which can be true or false. If it's true
> authentication has been successful and ID information is available,
> otherwise authentication has failed and only IP/port info is available.
>
> Of course that CONNECT and DISCONNECT events are also provided.
>
It might be worthwhile looking at the events that gtk-vnc supports.
| VNC_CONNECTED, <- client has connected
VNC_INITIALIZED,<- initialized is completed
VNC_DISCONNECTED,<- client has disconnected
VNC_AUTH_FAILURE, <- authorization has failed
VNC_AUTH_UNSUPPORTED,<- authorization has failed (could not negotiate an auth type)
Initialized can provide you all of the credential information. I think it's stronger than AUTHENTICATED because authentication alone does not imply that a session is active. Initialized tells a listener that at the moment this is received, the VNC session is active. If I'm a management tool, that's the thing I'm likely interested in.
Regards,
Anthony Liguori
|
[-- Attachment #2: Type: text/html, Size: 2650 bytes --]
next prev parent reply other threads:[~2010-01-12 22:28 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-08 21:47 [Qemu-devel] [RFC 0/7]: Add VNC connect/disconnect events Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 1/7] VNC: Use 'enabled' key instead of 'status' Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 2/7] VNC: Make 'auth' key mandatory Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 3/7] VNC: Rename client's 'username' key Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 4/7] VNC: Add 'family' key Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 5/7] VNC: Cache client info at connection time Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 6/7] QMP: Introduce QMP disconnect event Luiz Capitulino
2010-01-08 21:47 ` [Qemu-devel] [PATCH 7/7] QMP: Introduce QMP connect event Luiz Capitulino
2010-01-11 13:55 ` [Qemu-devel] Re: [RFC 0/7]: Add VNC connect/disconnect events Daniel P. Berrange
2010-01-12 21:28 ` Luiz Capitulino
2010-01-12 22:28 ` Anthony Liguori [this message]
2010-01-13 9:14 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B4CF79E.5080604@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=aliguori@us.ibm.com \
--cc=lcapitulino@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.