From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LfggS-0001BL-6E for qemu-devel@nongnu.org; Fri, 06 Mar 2009 15:30:16 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LfggO-0001Ar-V6 for qemu-devel@nongnu.org; Fri, 06 Mar 2009 15:30:14 -0500 Received: from [199.232.76.173] (port=46380 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LfggO-0001Ao-M6 for qemu-devel@nongnu.org; Fri, 06 Mar 2009 15:30:12 -0500 Received: from e3.ny.us.ibm.com ([32.97.182.143]:55124) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LfggO-0000u6-9V for qemu-devel@nongnu.org; Fri, 06 Mar 2009 15:30:12 -0500 Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e3.ny.us.ibm.com (8.13.1/8.13.1) with ESMTP id n26KRS42027242 for ; Fri, 6 Mar 2009 15:27:28 -0500 Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v9.2) with ESMTP id n26KU8Xj191220 for ; Fri, 6 Mar 2009 15:30:08 -0500 Received: from d01av02.pok.ibm.com (loopback [127.0.0.1]) by d01av02.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n26KSnwn021079 for ; Fri, 6 Mar 2009 15:28:49 -0500 Message-ID: <49B187CE.1090504@us.ibm.com> Date: Fri, 06 Mar 2009 14:30:06 -0600 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] PATCH: 0/9: Support SASL authentication in VNC server (version 4) References: <20090302123121.GH15108@redhat.com> In-Reply-To: <20090302123121.GH15108@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Daniel P. Berrange wrote: > Previously I provided patches for QEMU's VNC server to support SSL/TLS > and x509 certificates. This provides good encryption capabilities for > the VNC session. It doesn't really address the authentication problem > though. > > I have been working to create a new authentication type in the RFB > protocol to address this need in a generic, extendable way, by mapping > the SASL API into the RFB protocol. Since SASL is a generic plugin > based API, this will allow use of a huge range of auth mechanims over > VNC, without us having to add any more auth code. For example, PAM, > Digest-MD5, GSSAPI/Kerberos, One-time key/password, LDAP password > lookup, SQL db password lookup, and more. > > I have got a VNC auth type assigned by the RFB spec maintainers: > > http://realvnc.com/pipermail/vnc-list/2008-December/059463.html > Applied 1-8. I'd like to wait on 9. There was a lot of rejects because of Jan's series. I fixed these up. I also added another patch that fixed the tabs introduced by your series. You want to add: (indent-tabs-mode . nil) To your emacs bits. Regards, Anthony Liguori