From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=44812 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PIS6n-000731-LZ for qemu-devel@nongnu.org; Tue, 16 Nov 2010 15:26:30 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PIS6m-0004cg-Me for qemu-devel@nongnu.org; Tue, 16 Nov 2010 15:26:29 -0500 Received: from mail-qw0-f46.google.com ([209.85.216.46]:40659) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PIS6m-0004cX-JF for qemu-devel@nongnu.org; Tue, 16 Nov 2010 15:26:28 -0500 Received: by qwh6 with SMTP id 6so958883qwh.33 for ; Tue, 16 Nov 2010 12:26:28 -0800 (PST) Message-ID: <4CE2E8F3.6030105@codemonkey.ws> Date: Tue, 16 Nov 2010 14:26:27 -0600 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire References: <1286450121-17153-1-git-send-email-kraxel@redhat.com> <1286450121-17153-3-git-send-email-kraxel@redhat.com> <4CAE2521.2070500@codemonkey.ws> <20101008100841.GB9279@redhat.com> <4CDABF56.8020804@codemonkey.ws> <4CDBD5E3.8080008@redhat.com> In-Reply-To: <4CDBD5E3.8080008@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Gerd Hoffmann Cc: qemu-devel@nongnu.org On 11/11/2010 05:39 AM, Gerd Hoffmann wrote: > Hi, > >>> If anything goes wrong in the mgmt tool at step 2 though, >>> then it may never to step 3, leaving the VNC server accessible. >> >> I think the point is that you can expire the password by just changing >> it through the monitor. > > Well, you can't really expire it, you can only set it to $randomvalue. > Unsetting the vnc password also disables authentication (in unstable), > which is *not* what you want here ... > >> Having an expiration policy builtin to QEMU (as >> opposed to libvirt) seems like the wrong place. > > IMHO it doesn't build policy into qemu. It is still up to libvirt (or > the management app building on top of libvirt) to decide if and when > the password will expire. Except if you want to cancel the expiration because the expiration policy changes. You'd have to set the password without an expiration time and you may not have ready access to the password. > qemu will just do what libvirt asks for. > > Instead of passing a expire time as implemented by the patches: > > set-password $protocol $secret $time > > we could add a expire-password command, then ask management to do > > set-password $protocol $secret > [ let $time pass ] > expire-password $protocol > > I fail to see why this is better though. The former is more robust > and easier to implement in the management. The amount of code needed > in qemu is probably quite similar ... But the later let's a management tool implement arbitrarily complex expiration policies. It can also be used to generically disable any login which is effectively expiration but it may not be directly because of a timeout but rather because of some other operation. For instance, a management tool might want to implement a login policy whereas you're only allowed to log into a VM during business hours (9-5). Setting an expiration time for 8 hours is quite a bit less straight forward than just unsetting the password during the off hours. Regards, Anthony Liguori > cheers, > Gerd > >