From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Lcnsm-000498-Gw for qemu-devel@nongnu.org; Thu, 26 Feb 2009 16:35:04 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Lcnsl-00048Q-OI for qemu-devel@nongnu.org; Thu, 26 Feb 2009 16:35:04 -0500 Received: from [199.232.76.173] (port=37576 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Lcnsl-00048G-L4 for qemu-devel@nongnu.org; Thu, 26 Feb 2009 16:35:03 -0500 Received: from e7.ny.us.ibm.com ([32.97.182.137]:34285) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Lcnsl-0003zS-Bl for qemu-devel@nongnu.org; Thu, 26 Feb 2009 16:35:03 -0500 Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e7.ny.us.ibm.com (8.13.1/8.13.1) with ESMTP id n1QLQdnU011629 for ; Thu, 26 Feb 2009 16:26:39 -0500 Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v9.2) with ESMTP id n1QLYxZS177104 for ; Thu, 26 Feb 2009 16:34:59 -0500 Received: from d01av03.pok.ibm.com (loopback [127.0.0.1]) by d01av03.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n1QLYxiX023612 for ; Thu, 26 Feb 2009 16:34:59 -0500 Message-ID: <49A70B02.3040106@us.ibm.com> Date: Thu, 26 Feb 2009 15:34:58 -0600 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] PATCH: 6/9: Add SASL authentication support References: <20090226113933.GA29854@redhat.com> <20090226115624.GL22494@redhat.com> In-Reply-To: <20090226115624.GL22494@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Daniel P. Berrange wrote: > diff -r 0eb0b12c0673 qemu-doc.texi > --- a/qemu-doc.texi Mon Feb 23 13:06:22 2009 +0000 > +++ b/qemu-doc.texi Mon Feb 23 13:40:03 2009 +0000 > @@ -616,6 +616,21 @@ path following this option specifies whe > be loaded from. See the @ref{vnc_security} section for details on generating > certificates. > > +@item sasl > + > +Require that the client use SASL to authenticate with the VNC server. > +The exact choice of authentication method used is controlled from the > +system / user's SASL configuration file for the 'qemu' service. This > +is typically found in /etc/sasl2/qemu.conf. If running QEMU as an > +unprivileged user, an environment variable SASL_CONF_PATH can be used > +to make it search alternate locations for the service config. > +While some SASL auth methods can also provide data encryption (eg GSSAPI), > +it is recommended that SASL always be combined with the 'tls' and > +'x509' settings to enable use of SSL and server certificates. This > +ensures a data encryption preventing compromise of authentication > +credentials. See the @ref{vnc_security} section for details on using > +SASL authentication. > + > @end table > > @end table > @@ -964,8 +979,6 @@ This implements UDP Net Console. > When @var{remote_host} or @var{src_ip} are not specified > they default to @code{0.0.0.0}. > When not using a specified @var{src_port} a random port is automatically chosen. > -@item msmouse > -Three button serial mouse. Configure the guest to use Microsoft protocol. > > If you just want a simple readonly console you can use @code{netcat} or > @code{nc}, by starting qemu with: @code{-serial udp::4555} and nc as: > That removal looks like a mistake to me. I'm going to remove it from your patch. Regards, Anthony Liguori