Date: Fri, 2 Oct 2009 10:58:37 +0100
From: "Daniel P. Berrange"
Subject: Re: [Qemu-devel] [PATCH] let management expire vnc password
Message-ID: <20091002095837.GB21416@redhat.com>
In-Reply-To: <4AC3C798.2090703@codemonkey.ws>
References: <1253609255-13016-1-git-send-email-danken@redhat.com> <4AC361E8.6060907@codemonkey.ws> <20090930140312.GB5408@redhat.com> <4AC36E81.901@codemonkey.ws> <20090930164553.GA8310@redhat.com> <4AC3C798.2090703@codemonkey.ws>
List-Id: qemu-devel.nongnu.org
To: Anthony Liguori
Cc: qemu-devel@nongnu.org, Dan Kenigsberg

On Wed, Sep 30, 2009 at 04:03:20PM -0500, Anthony Liguori wrote:
> Dan Kenigsberg wrote:
> > The rationale is central management of access to virtual machines.
> >
> > Normally, no vnc access to VMs is allowed. A user with enough
> > credentials may request the management tool for a short-lived
> > "ticket" to connect to a VM. If the user uses it, great. But after the
> > ticket expires, no further connections are allowed.
>
> Couldn't you implement the same feature with an IP tables rule (prevent
> new connections from being established)?
>
> I'm not convinced this functionality is very useful generally so I think
> I'd prefer not to merge it.

I think it is a pretty valid use case, though I don't like the proposed
implementation. In essence it is implementing one-time passwords instead of
multi-use passwords, and both of those are reasonable concepts. Having to
implement one-time passwords using multi-use passwords + iptables is a really
bad, over-complicated hack, particularly considering how trivial this is to do
in QEMU.

In terms of impl though, rather than having a separate 'expire_password'
command, I think it would be preferable to have alternative syntax for setting
initial credentials:

  change vnc passwd        (for multi-use passwords)
  change vnc otp           (for single-use passwords)

Or, extend the existing 'change vnc passwd' command to allow optional flags
as a 4th argument:

  change vnc passwd otp

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
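The distinction the reply draws, a single-use (one-time) password consumed on first successful use versus a multi-use password, with an optional expiry deadline covering Dan's short-lived "ticket", is illustrated by the following added example. It is not QEMU code and not from anyone in the thread; the `vnc_cred_*` names, the credential struct and the abstract `now` timestamp are assumptions for illustration. Real VNC authentication verifies a DES challenge-response rather than receiving the password in the clear, so the example stands in for whatever check the server performs on the credential, and focuses on the state handling: an OTP is wiped after one success, an expired credential is wiped on the next attempt, and a wrong guess does not consume the OTP.

```c
/* Added example (not QEMU code): a credential store supporting multi-use
 * and single-use VNC passwords with an optional expiry deadline.
 * All names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum vnc_cred_mode {
    VNC_CRED_NONE,   /* no password set: every connection is refused */
    VNC_CRED_MULTI,  /* conventional reusable password */
    VNC_CRED_OTP     /* single-use password, cleared after first success */
};

struct vnc_cred {
    enum vnc_cred_mode mode;
    char secret[64];     /* NUL-terminated, remainder zero-padded */
    int64_t expires_at;  /* 0 = no deadline; otherwise absolute time (assumed unit) */
};

/* Constant-time comparison over a fixed length so timing does not leak
 * how many leading bytes matched. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Wipe the secret; volatile writes keep the compiler from eliding them. */
static void vnc_cred_clear(struct vnc_cred *c)
{
    volatile char *p = c->secret;
    for (size_t i = 0; i < sizeof c->secret; i++) {
        p[i] = 0;
    }
    c->mode = VNC_CRED_NONE;
    c->expires_at = 0;
}

/* Install a new credential. Returns 0 on success, -1 on an empty or
 * over-long password (leaving the store cleared rather than half-set). */
static int vnc_cred_set(struct vnc_cred *c, enum vnc_cred_mode mode,
                        const char *secret, int64_t expires_at)
{
    size_t n = strlen(secret);
    vnc_cred_clear(c);
    if (n == 0 || n >= sizeof c->secret || mode == VNC_CRED_NONE) {
        return -1;
    }
    memcpy(c->secret, secret, n + 1);
    c->mode = mode;
    c->expires_at = expires_at;
    return 0;
}

/* Decide whether a client-supplied password is accepted at time 'now'.
 * An OTP is consumed on success; an expired credential is cleared so a
 * later attempt cannot revive it. A wrong guess does not consume an OTP. */
static bool vnc_cred_check(struct vnc_cred *c, const char *supplied, int64_t now)
{
    if (c->mode == VNC_CRED_NONE) {
        return false;
    }
    if (c->expires_at != 0 && now >= c->expires_at) {
        vnc_cred_clear(c);
        return false;
    }
    char buf[sizeof c->secret] = {0};
    size_t n = strlen(supplied);
    if (n >= sizeof buf) {
        return false;  /* cannot match any stored secret */
    }
    memcpy(buf, supplied, n);  /* zero-padded, same layout as c->secret */
    bool ok = ct_equal(buf, c->secret, sizeof buf);
    if (ok && c->mode == VNC_CRED_OTP) {
        vnc_cred_clear(c);  /* single use: second connection is refused */
    }
    return ok;
}

int main(void)
{
    struct vnc_cred c = {0};
    vnc_cred_set(&c, VNC_CRED_OTP, "ticket-42", 100);  /* constructed sample */
    printf("first use:  %d\n", vnc_cred_check(&c, "ticket-42", 50));  /* 1 */
    printf("second use: %d\n", vnc_cred_check(&c, "ticket-42", 51));  /* 0 */
    return 0;
}
```

Compiled with any C99 compiler, `main` shows the OTP accepting one connection and refusing the next. Whether a failed guess should also burn the OTP is a policy choice; this example keeps it, since otherwise anyone who can reach the port could deny the legitimate user their ticket with a single wrong attempt.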