Date: Mon, 9 Mar 2009 09:51:36 +0000
From: "Daniel P. Berrange"
Subject: Re: [Qemu-devel] PATCH: 0/9: Support SASL authentication in VNC server (version 4)
Message-ID: <20090309095136.GA4578@redhat.com>
In-Reply-To: <49B187CE.1090504@us.ibm.com>
To: Anthony Liguori
Cc: qemu-devel@nongnu.org

On Fri, Mar 06, 2009 at 02:30:06PM -0600, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> >Previously I provided patches for QEMU's VNC server to support SSL/TLS
> >and x509 certificates. This provides good encryption capabilities for
> >the VNC session. It doesn't really address the authentication problem
> >though.
> >
> >I have been working to create a new authentication type in the RFB
> >protocol to address this need in a generic, extendable way, by mapping
> >the SASL API into the RFB protocol. Since SASL is a generic plugin
> >based API, this will allow use of a huge range of auth mechanisms over
> >VNC, without us having to add any more auth code. For example, PAM,
> >Digest-MD5, GSSAPI/Kerberos, One-time key/password, LDAP password
> >lookup, SQL db password lookup, and more.
> >
> >I have got a VNC auth type assigned by the RFB spec maintainers:
> >
> >  http://realvnc.com/pipermail/vnc-list/2008-December/059463.html
> >
>
> Applied 1-8. I'd like to wait on 9.

Thanks, I've no problem waiting for a better solution to #9 - it was merely
a basic proof of concept which I wasn't all that happy with.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|