From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Mszm8-00012t-PD for qemu-devel@nongnu.org; Wed, 30 Sep 2009 10:03:24 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Mszm4-0000x5-4i for qemu-devel@nongnu.org; Wed, 30 Sep 2009 10:03:24 -0400 Received: from [199.232.76.173] (port=50465 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Mszm4-0000wr-0a for qemu-devel@nongnu.org; Wed, 30 Sep 2009 10:03:20 -0400 Received: from mx1.redhat.com ([209.132.183.28]:30349) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1Mszm3-0007cz-EP for qemu-devel@nongnu.org; Wed, 30 Sep 2009 10:03:19 -0400 Date: Wed, 30 Sep 2009 16:03:13 +0200 From: Dan Kenigsberg Subject: Re: [Qemu-devel] [PATCH] let management expire vnc password Message-ID: <20090930140312.GB5408@redhat.com> References: <1253609255-13016-1-git-send-email-danken@redhat.com> <4AC361E8.6060907@codemonkey.ws> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4AC361E8.6060907@codemonkey.ws> List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: qemu-devel@nongnu.org On Wed, Sep 30, 2009 at 08:49:28AM -0500, Anthony Liguori wrote: > Dan Kenigsberg wrote: >> After a client connects to vnc server, management may wish to expire the >> vnc password, so that an attacker has less time to break into the vm. >> > > I don't understand what the use-case for this is. > > You want to basically lock out any new clients? Can't you just set the > password to something random? Yes, and actually that's what we currently do. But having a random password still opens a crack for guessing it. > I really don't understand why you would > want to do this. > > Regards, > > Anthony Liguori