From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=32870 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PGVUy-0000N5-Ed
	for qemu-devel@nongnu.org; Thu, 11 Nov 2010 06:39:25 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1PGVUx-0004MV-8U
	for qemu-devel@nongnu.org; Thu, 11 Nov 2010 06:39:24 -0500
Received: from mx1.redhat.com ([209.132.183.28]:27189)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1PGVUx-0004MF-1y
	for qemu-devel@nongnu.org; Thu, 11 Nov 2010 06:39:23 -0500
Message-ID: <4CDBD5E3.8080008@redhat.com>
Date: Thu, 11 Nov 2010 12:39:15 +0100
From: Gerd Hoffmann <kraxel@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
References: <1286450121-17153-1-git-send-email-kraxel@redhat.com>
	<1286450121-17153-3-git-send-email-kraxel@redhat.com>
	<4CAE2521.2070500@codemonkey.ws> <20101008100841.GB9279@redhat.com>
	<4CDABF56.8020804@codemonkey.ws>
In-Reply-To: <4CDABF56.8020804@codemonkey.ws>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org

   Hi,

>> If anything goes wrong in the mgmt tool at step 2 though,
>> then it may never to step 3, leaving the VNC server accessible.
>
> I think the point is that you can expire the password by just changing
> it through the monitor.

Well, you can't really expire it, you can only set it to $randomvalue. 
Unsetting the vnc password also disables authentication (in unstable), 
which is *not* what you want here ...

> Having an expiration policy builtin to QEMU (as
> opposed to libvirt) seems like the wrong place.

IMHO it doesn't build policy into qemu.  It is still up to libvirt (or 
the management app building on top of libvirt) to decide if and when the 
password will expire.  qemu will just do what libvirt asks for.

Instead of passing a expire time as implemented by the patches:

   set-password $protocol $secret $time

we could add a expire-password command, then ask management to do

    set-password $protocol $secret
    [ let $time pass ]
    expire-password $protocol

I fail to see why this is better though.  The former is more robust and 
easier to implement in the management.  The amount of code needed in 
qemu is probably quite similar ...

cheers,
   Gerd