Re: [Qemu-devel] PATCH: 0/9: Support SASL authentication in VNC server (version 4)

["Daniel P. Berrange" <berrange@redhat.com>]

On Fri, Mar 06, 2009 at 02:30:06PM -0600, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> >Previously I provided patches for QEMU's VNC server to support SSL/TLS
> >and x509 certificates. This provides good encryption capabilities for
> >the VNC session. It doesn't really address the authentication problem
> >though.
> >
> >I have been working to  create a new authentication type in the RFB
> >protocol to address this need in a generic, extendable way, by mapping
> >the SASL API into the RFB protocol. Since SASL is a generic plugin
> >based API, this will allow use of a huge range of auth mechanims over
> >VNC, without us having to add any more auth code. For example, PAM,
> >Digest-MD5, GSSAPI/Kerberos, One-time key/password, LDAP password
> >lookup, SQL db password lookup, and more.
> >
> >I have got a VNC auth type assigned by the RFB spec maintainers:
> >
> >  http://realvnc.com/pipermail/vnc-list/2008-December/059463.html
> >  
> 
> Applied 1-8.  I'd like to wait on 9.

Thanks, I've no problem waiting for a better solution to #9 - it was
merely a basic proof of concept which I wasn't all that happy with.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|