Date: Tue, 17 Feb 2015 16:53:11 +0000
From: "Daniel P. Berrange"
Message-ID: <20150217165311.GF8344@redhat.com>
In-Reply-To: <7d250759ff7d01d2aec5f8f48ed51afb7fcfb17c.1424190993.git.mprivozn@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 1/3] qapi-schema: Make @password in set_password optional
To: Michal Privoznik
Cc: kraxel@redhat.com, qemu-devel@nongnu.org, armbru@redhat.com

On Tue, Feb 17, 2015 at 05:40:45PM +0100, Michal Privoznik wrote:
> So, imagine you've started a guest with ticketing enabled. You've set
> some password to access your SPICE/VNC session. However, later you
> want to give the access to somebody else's and therefore disable the
> ticketing. Come on, be imaginative! Currently, there's no way how to
> achieve this. And while there are two possible ways to fulfill the
> goal: 1) invent new monitor command to disable ticketing, or 2) let
> @password argument to 'set_password' monitor command be optional, I'm
> choosing the latter. It's easier to implement, after all.
>
> The idea behind, how this will work, is: if user issues the command
> without the password field, it means they want to disable the
> ticketing. Any subsequent call to the call with password field filled
> in, will enable the ticketing again.

When password auth is enabled with VNC, the use of a NULL / empty string
password is explicitly intended to block access to the VNC server, by
causing the password auth to always return failure.

Overloading the 'set_password' command such that a missing password
changes the auth scheme in use is a really surprising and bad side
effect.

If we want to have the ability to change the authentication protocol
used for VNC/SPICE, then let's add a proper command for this, i.e. create
a 'set_graphics_auth' command to change auth protocol. This is really
better for VNC anyway, as there are far more possible auth schemes than
just password or no-password, and overloading the 'set_password' command
can't handle that.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
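
The objection in the reply above, as an added example that is not part of the original message and is not QEMU code: a small model in which the same "clear the password" call fails closed under the existing semantics and opens the display under the overloaded ones. Apart from the command names set_password and set_graphics_auth taken from the thread, every name is hypothetical and the secret is a constructed sample.

```python
# Constructed model of a graphics server's auth state; not QEMU code.
# All names are hypothetical except set_password and set_graphics_auth,
# which are the command names used in the thread.
import hmac
from enum import Enum


class Auth(Enum):
    NONE = "none"
    PASSWORD = "password"


class Display:
    def __init__(self):
        self.auth = Auth.PASSWORD   # guest started with ticketing enabled
        self.password = None

    def admits(self, offered):
        if self.auth is Auth.NONE:
            return True
        if not self.password:
            return False            # NULL/empty password: auth always fails
        return hmac.compare_digest(offered.encode(), self.password.encode())


def set_password_existing(d, password=None):
    """Semantics described in the reply: only the secret changes."""
    d.password = password or None


def set_password_overloaded(d, password=None):
    """Semantics proposed in the patch: a missing password turns auth off."""
    d.auth = Auth.NONE if password is None else Auth.PASSWORD
    d.password = password


def set_graphics_auth(d, scheme):
    """Separate command suggested in the reply: scheme changes are explicit."""
    d.auth = Auth(scheme)           # raises ValueError on an unknown scheme


def lock_out(set_password):
    """A caller that clears the password to block access; returns whether
    a client offering an empty password is admitted afterwards."""
    d = Display()
    set_password(d, "s3cret")       # constructed sample secret
    set_password(d)                 # clear it, expecting fail-closed
    return d.admits("")
```

With a dedicated scheme command, clearing the secret and changing the scheme stay two separate, auditable operations, and further schemes only extend the enum.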