Re: [Qemu-devel] PATCH: 6/9: Add SASL authentication support

[Anthony Liguori <aliguori@us.ibm.com>]

Daniel P. Berrange wrote:
> diff -r 0eb0b12c0673 qemu-doc.texi
> --- a/qemu-doc.texi	Mon Feb 23 13:06:22 2009 +0000
> +++ b/qemu-doc.texi	Mon Feb 23 13:40:03 2009 +0000
> @@ -616,6 +616,21 @@ path following this option specifies whe
>  be loaded from. See the @ref{vnc_security} section for details on generating
>  certificates.
>  
> +@item sasl
> +
> +Require that the client use SASL to authenticate with the VNC server.
> +The exact choice of authentication method used is controlled from the
> +system / user's SASL configuration file for the 'qemu' service. This
> +is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
> +unprivileged user, an environment variable SASL_CONF_PATH can be used
> +to make it search alternate locations for the service config.
> +While some SASL auth methods can also provide data encryption (eg GSSAPI),
> +it is recommended that SASL always be combined with the 'tls' and
> +'x509' settings to enable use of SSL and server certificates. This
> +ensures a data encryption preventing compromise of authentication
> +credentials. See the @ref{vnc_security} section for details on using
> +SASL authentication.
> +
>  @end table
>  
>  @end table
> @@ -964,8 +979,6 @@ This implements UDP Net Console.
>  When @var{remote_host} or @var{src_ip} are not specified
>  they default to @code{0.0.0.0}.
>  When not using a specified @var{src_port} a random port is automatically chosen.
> -@item msmouse
> -Three button serial mouse. Configure the guest to use Microsoft protocol.
>  
>  If you just want a simple readonly console you can use @code{netcat} or
>  @code{nc}, by starting qemu with: @code{-serial udp::4555} and nc as:
>   

That removal looks like a mistake to me.  I'm going to remove it from 
your patch.

Regards,

Anthony Liguori