Message-ID: <46AFE80B.9070503@codemonkey.ws>
Date: Tue, 31 Jul 2007 20:55:23 -0500
From: Anthony Liguori
Subject: Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server
References: <20070731192316.GI18730@redhat.com>
In-Reply-To: <20070731192316.GI18730@redhat.com>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: "Daniel P. Berrange", qemu-devel@nongnu.org

Authentication support is a commonly requested feature. I think this is
definitely the right approach to take.

Regards,

Anthony Liguori

Daniel P. Berrange wrote:
> The current VNC server implementation does not have support for the
> authentication of incoming client connections. The following series
> of patches provide support for a number of alternatives, all compliant
> with the VNC protocol spec. The simplest mechanism (and the weakest)
> is the traditional VNC password scheme based on weak d3des hashing of
> an 8 byte key. The more serious mechanism uses TLS for data encryption
> of the entire session, and x509 certificates for both client and server
> authentication.
>
> The patches are an iteration on the previous work I posted a couple of
> months ago[1]. They are now functionally complete, better tested,
> split up into a patch series for easier review, and their use fully
> documented. Since TLS can be quite perplexing, I also included some
> documentation on how to setup a CA, and issue client & server certs
> in a manner suitable for use with the VNC server.
>
> For the basic VNC password auth, this patch should be compatible with
> any standard VNC client such as RealVNC. The TLS based auth schemes
> require a client that implements the VeNCrypt extension[2]. The client
> from the VeNCrypt[3] project of course is one example. The GTK-VNC[4]
> widget which is used by Virt Manager[5] and Vinagre [6] also support
> it, and are my primary testing platform.
>
> The 8 individual patches will follow shortly in replies to this mail.
>
> Regards,
> Dan.
>
> [1] http://www.mail-archive.com/qemu-devel@nongnu.org/msg08616.html
> [2] http://www.mail-archive.com/qemu-devel@nongnu.org/msg08681.html
> [3] http://sourceforge.net/projects/vencrypt/
> [4] http://gtk-vnc.sourceforge.net/
> [5] http://virt-manager.org/
> [6] http://www.gnome.org/~jwendell/vinagre/
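Added example, not part of this e-mail thread or of the patch series: a C sketch of why the "8 byte key" of the traditional VNC password scheme is weak, showing how a password is reduced to the DES key. It assumes the classic VNC behaviour (password truncated or NUL-padded to 8 bytes, each byte bit-mirrored before standard DES, which ignores the low bit of every key byte); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VNC_KEY_LEN 8   /* classic VNC auth uses exactly 8 key bytes */

/* Mirror the bits of one byte: classic VNC's d3des reads key bits LSB-first. */
static uint8_t mirror_bits(uint8_t b)
{
    uint8_t r = 0;
    for (int i = 0; i < 8; i++)
        r = (uint8_t)((r << 1) | ((b >> i) & 1));
    return r;
}

/* Hypothetical helper: truncate or NUL-pad the password, then mirror each byte. */
static void vnc_password_to_key(const char *password, uint8_t key[VNC_KEY_LEN])
{
    size_t len = strlen(password);
    memset(key, 0, VNC_KEY_LEN);
    for (size_t i = 0; i < VNC_KEY_LEN && i < len; i++)
        key[i] = mirror_bits((uint8_t)password[i]);
}

/* Returns 1 when two passwords give DES the same effective 56-bit key.
 * DES discards the low (parity) bit of each key byte, which after
 * mirroring is the top bit of the original password character. */
static int vnc_passwords_equivalent(const char *a, const char *b)
{
    uint8_t ka[VNC_KEY_LEN], kb[VNC_KEY_LEN];
    vnc_password_to_key(a, ka);
    vnc_password_to_key(b, kb);
    for (int i = 0; i < VNC_KEY_LEN; i++)
        if ((ka[i] & 0xFE) != (kb[i] & 0xFE))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample passwords, for illustration only. */
    printf("long passwords sharing 8 chars equivalent: %d\n",
           vnc_passwords_equivalent("correcthorse", "correcthXYZ"));
    printf("different within first 8 chars equivalent: %d\n",
           vnc_passwords_equivalent("secret", "secreT"));
    return 0;
}
```

Everything past the eighth character never reaches the cipher, so password-length policy adds nothing to this scheme; that is the gap the TLS and x509 mechanisms in the series address.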