From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Mt6Kh-0004OA-JU
	for qemu-devel@nongnu.org; Wed, 30 Sep 2009 17:03:31 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Mt6Kc-0004J4-UR
	for qemu-devel@nongnu.org; Wed, 30 Sep 2009 17:03:31 -0400
Received: from [199.232.76.173] (port=50926 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Mt6Kc-0004Ij-HS
	for qemu-devel@nongnu.org; Wed, 30 Sep 2009 17:03:26 -0400
Received: from mail-bw0-f211.google.com ([209.85.218.211]:42899)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1Mt6Kb-0007WJ-Rl
	for qemu-devel@nongnu.org; Wed, 30 Sep 2009 17:03:26 -0400
Received: by bwz7 with SMTP id 7so850785bwz.34
	for <qemu-devel@nongnu.org>; Wed, 30 Sep 2009 14:03:24 -0700 (PDT)
Message-ID: <4AC3C798.2090703@codemonkey.ws>
Date: Wed, 30 Sep 2009 16:03:20 -0500
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] let management expire vnc password
References: <1253609255-13016-1-git-send-email-danken@redhat.com>
	<4AC361E8.6060907@codemonkey.ws>
	<20090930140312.GB5408@redhat.com> <4AC36E81.901@codemonkey.ws>
	<20090930164553.GA8310@redhat.com>
In-Reply-To: <20090930164553.GA8310@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Dan Kenigsberg <danken@redhat.com>
Cc: qemu-devel@nongnu.org

Dan Kenigsberg wrote:
> The rationale is central management of access to virtual machines.
>
> Normally, no vnc access to VMs is allowed. A user with enough
> credentials may request the management tool for a short-lived
> "ticket" to connect to a VM. If the user uses it, great. But after the
> ticket expires, no further connections are allowed.
>   

Couldn't you implement the same feature with an IP tables rule (prevent 
new connections from being established)?

I'm not convinced this functionality is very useful generally so I think 
I'd prefer not to merge it.

Regards,

Anthony Liguori