Subject: Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server
From: Anthony Liguori
Date: Tue, 14 Aug 2007 23:32:22 -0500
To: "Daniel P. Berrange", qemu-devel@nongnu.org

These all look good to me!

Regards,

Anthony Liguori

On Mon, 2007-08-13 at 20:25 +0100, Daniel P. Berrange wrote:
> The current VNC server implementation does not have support for the
> authentication of incoming client connections. The following series
> of patches provide support for a number of alternatives, all compliant
> with the VNC protocol spec. The simplest mechanism (and the weakest)
> is the traditional VNC password scheme based on weak d3des hashing of
> an 8 byte key. The more serious mechanism uses TLS for data encryption
> of the entire session, and x509 certificates for both client and server
> authentication.
>
> The patches are an iteration on the previous work I posted a couple
> of weeks ago[1]. This addresses all the issues raised in the previous
> review along with a couple of edge cases I discovered. Since TLS can be
> quite perplexing, I also included some documentation on how to set up a
> CA, and issue client & server certs in a manner suitable for use with
> the VNC server.
>
> For the basic VNC password auth, this patch should be compatible with
> any standard VNC client such as RealVNC. The TLS based auth schemes
> require a client that implements the VeNCrypt extension[2]. The client
> from the VeNCrypt[3] project of course is one example. The GTK-VNC[4]
> widget which is used by Virt Manager[5] and Vinagre[6] also support
> it, and are my primary testing platform.
>
> The 8 individual patches will follow shortly in replies to this mail.
>
> Regards,
> Dan.
>
> [1] http://www.mail-archive.com/qemu-devel@nongnu.org/msg11554.html
> [2] http://www.mail-archive.com/qemu-devel@nongnu.org/msg08681.html
> [3] http://sourceforge.net/projects/vencrypt/
> [4] http://gtk-vnc.sourceforge.net/
> [5] http://virt-manager.org/
> [6] http://www.gnome.org/~jwendell/vinagre/