Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Anthony Liguori <anthony@codemonkey.ws>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
Date: Tue, 16 Nov 2010 14:26:27 -0600	[thread overview]
Message-ID: <4CE2E8F3.6030105@codemonkey.ws> (raw)
In-Reply-To: <4CDBD5E3.8080008@redhat.com>

On 11/11/2010 05:39 AM, Gerd Hoffmann wrote:
>   Hi,
>
>>> If anything goes wrong in the mgmt tool at step 2 though,
>>> then it may never to step 3, leaving the VNC server accessible.
>>
>> I think the point is that you can expire the password by just changing
>> it through the monitor.
>
> Well, you can't really expire it, you can only set it to $randomvalue. 
> Unsetting the vnc password also disables authentication (in unstable), 
> which is *not* what you want here ...
>
>> Having an expiration policy builtin to QEMU (as
>> opposed to libvirt) seems like the wrong place.
>
> IMHO it doesn't build policy into qemu.  It is still up to libvirt (or 
> the management app building on top of libvirt) to decide if and when 
> the password will expire.

Except if you want to cancel the expiration because the expiration 
policy changes.   You'd have to set the password without an expiration 
time and you may not have ready access to the password.

>   qemu will just do what libvirt asks for.
>
> Instead of passing a expire time as implemented by the patches:
>
>   set-password $protocol $secret $time
>
> we could add a expire-password command, then ask management to do
>
>    set-password $protocol $secret
>    [ let $time pass ]
>    expire-password $protocol
>
> I fail to see why this is better though.  The former is more robust 
> and easier to implement in the management.  The amount of code needed 
> in qemu is probably quite similar ...

But the later let's a management tool implement arbitrarily complex 
expiration policies.  It can also be used to generically disable any 
login which is effectively expiration but it may not be directly because 
of a timeout but rather because of some other operation.  For instance, 
a management tool might want to implement a login policy whereas you're 
only allowed to log into a VM during business hours (9-5).  Setting an 
expiration time for 8 hours is quite a bit less straight forward than 
just unsetting the password during the off hours.

Regards,

Anthony Liguori

> cheers,
>   Gerd
>
>

next prev parent reply	other threads:[~2010-11-16 20:26 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-07 11:15 [Qemu-devel] [PATCH 0/3] vnc/spice: add monitor command to change password Gerd Hoffmann
2010-10-07 11:15 ` [Qemu-devel] [PATCH 1/3] vnc: auth reject cleanup Gerd Hoffmann
2010-10-07 11:15 ` [Qemu-devel] [PATCH 2/3] vnc: support password expire Gerd Hoffmann
2010-10-07 19:53   ` Anthony Liguori
2010-10-08 10:08     ` Daniel P. Berrange
2010-11-02 11:15       ` Gerd Hoffmann
2010-11-09 13:42         ` Gerd Hoffmann
2010-11-10 15:52           ` Anthony Liguori
2010-11-10 15:50       ` Anthony Liguori
2010-11-11 11:39         ` Gerd Hoffmann
2010-11-16 20:26           ` Anthony Liguori [this message]
2010-11-17 10:23             ` Gerd Hoffmann
2010-11-20  2:14               ` Anthony Liguori
2010-10-07 11:15 ` [Qemu-devel] [PATCH 3/3] vnc/spice: add set_passwd monitor command Gerd Hoffmann
  -- strict thread matches above, loose matches on Subject: below --
2010-11-24 17:03 [Qemu-devel] [PATCH 0/3] vnc/spice: add monitor commands to change+expire passwords Gerd Hoffmann
2010-11-24 17:03 ` [Qemu-devel] [PATCH 2/3] vnc: support password expire Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4CE2E8F3.6030105@codemonkey.ws \
    --to=anthony@codemonkey.ws \
    --cc=kraxel@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.