From: Anthony Liguori <anthony@codemonkey.ws>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
Date: Wed, 10 Nov 2010 09:50:46 -0600 [thread overview]
Message-ID: <4CDABF56.8020804@codemonkey.ws> (raw)
In-Reply-To: <20101008100841.GB9279@redhat.com>
On 10/08/2010 05:08 AM, Daniel P. Berrange wrote:
> On Thu, Oct 07, 2010 at 02:53:05PM -0500, Anthony Liguori wrote:
>
>> On 10/07/2010 06:15 AM, Gerd Hoffmann wrote:
>>
>>> This patch adds support for expiring passwords to vnc. It adds a new
>>> lifetime parameter to the vnc_display_password() function, which
>>> specifies the number of seconds the new password will be valid. Passing
>>> zero as lifetime maintains current behavior (password never expires).
>>>
>>> Signed-off-by: Gerd Hoffmann<kraxel@redhat.com>
>>>
>>>
>> This has been posted before and I've never understood it. Why can't a
>> management tool just expire passwords on it's own?
>>
> If the management tool crashes or is restarted for some reason
> then it may miss the expiry task.
>
>
>> How does password expiration help with security at all?
>>
> VNC passwords are obviously rather weak, so if you can limit
> the time the password is valid to the window in which you
> are expecting the incoming VNC connection this limits the
> time to attack the VNC password. A mgmt tool could do
>
> - Set a VNC password
> - Open the VNC connection
> - Clear the VNC password
>
> If anything goes wrong in the mgmt tool at step 2 though,
> then it may never to step 3, leaving the VNC server accessible.
>
I think the point is that you can expire the password by just changing
it through the monitor. Having an expiration policy builtin to QEMU (as
opposed to libvirt) seems like the wrong place.
> If it had set a password expiry at step 1, it would have a
> safety net that guarentees the password will be invalid after
> 'n' seconds, even if not explicitly cleared. Given how little
> code this is in QEMU, I think it is a worthwhile feature.\
>
It's a policy not a mechanism and I don't see a good reason to have the
code in QEMU because it honestly is a policy for a specific product. I
don't think it's a strong enough policy that it's going to be seen as
widely useful.
Regards,
Anthony Liguori
> Regards,
> Daniel
>
next prev parent reply other threads:[~2010-11-10 15:50 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-07 11:15 [Qemu-devel] [PATCH 0/3] vnc/spice: add monitor command to change password Gerd Hoffmann
2010-10-07 11:15 ` [Qemu-devel] [PATCH 1/3] vnc: auth reject cleanup Gerd Hoffmann
2010-10-07 11:15 ` [Qemu-devel] [PATCH 2/3] vnc: support password expire Gerd Hoffmann
2010-10-07 19:53 ` Anthony Liguori
2010-10-08 10:08 ` Daniel P. Berrange
2010-11-02 11:15 ` Gerd Hoffmann
2010-11-09 13:42 ` Gerd Hoffmann
2010-11-10 15:52 ` Anthony Liguori
2010-11-10 15:50 ` Anthony Liguori [this message]
2010-11-11 11:39 ` Gerd Hoffmann
2010-11-16 20:26 ` Anthony Liguori
2010-11-17 10:23 ` Gerd Hoffmann
2010-11-20 2:14 ` Anthony Liguori
2010-10-07 11:15 ` [Qemu-devel] [PATCH 3/3] vnc/spice: add set_passwd monitor command Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2010-11-24 17:03 [Qemu-devel] [PATCH 0/3] vnc/spice: add monitor commands to change+expire passwords Gerd Hoffmann
2010-11-24 17:03 ` [Qemu-devel] [PATCH 2/3] vnc: support password expire Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CDABF56.8020804@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.