xen-devel
Re: [Xen-devel] Individual passwords for guest VNC servers ?
On 8/30/06, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> I think we should be secure by default - if they omit the password then
> we should either generate one - and store it in xenstore, or refuse to
> activate VNC server. If we really really want to allow no passwords, then
> admin could have to explicitly request it with vnc_no_password=1
> in the config file - but my preference is still that we should flat out
> refuse to allow an empty password - in this day & age it's just plain wrong.
> RealVNC server for example, refuses to allow empty password.

IMHO this kind of "I'll make you do this for your own good" is a bug,
not a feature.

When I run a VNC server, I typically have it bound to accept
connections only from localhost, then I SSH tunnel in. I'm the only
one using the box, so I know that no one else can log in. Being forced
to have a password when I'm already using much stronger authentication
is an annoyance and a waste of my time.

You can imagine other situations where the administrator knows that
having no password is as secure as he needs it-- on an internal
network or VPN, for instance. Or, a single user on a local machine.
If I've got the box sitting in front of me, no one else can log in,
and I type "xm create -f hvm.cfg", why should I have to type a
password?

Having the "vnc_no_password" option is my preference; it encourages
right behavior where appropriate, but leaves the administrator the
option to make an informed decision.

-George
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
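
The policy discussed in this thread (password required by default, explicit opt-out with `vnc_no_password=1`, otherwise generate or refuse), as an added sketch that is not part of the original message and not Xen's own code. Only `vnc_no_password` comes from the thread; the `vncpasswd` key name, the function, its return shape and the conflict check are assumptions made for illustration.

```python
import secrets


class VncConfigError(ValueError):
    """Guest config asks for a VNC server in a way the policy rejects."""


def resolve_vnc_auth(cfg, generate_if_missing=True):
    """Decide how a guest's VNC server authenticates.

    cfg: dict of guest config values (hypothetical shape, not xend's parser).
    Returns (mode, password), mode in {"password", "generated", "none"}.
    """
    password = cfg.get("vncpasswd") or ""   # assumed key name
    # Only the literal value 1 opts out; a missing or empty password
    # never disables authentication on its own.
    opt_out = str(cfg.get("vnc_no_password", "0")).strip() == "1"

    if password and opt_out:
        # Ambiguous intent: refuse instead of silently picking one.
        raise VncConfigError("vncpasswd set together with vnc_no_password=1")
    if password:
        return ("password", password)
    if opt_out:
        # The administrator made the decision explicitly (e.g. the server
        # is bound to localhost and reached through an SSH tunnel).
        return ("none", None)
    if generate_if_missing:
        # Classic VNC authentication only uses the first 8 characters,
        # so generate exactly 8 (6 random bytes -> 8 base64url chars).
        # The caller is expected to store it where the admin can read it.
        return ("generated", secrets.token_urlsafe(6))
    raise VncConfigError("no VNC password and vnc_no_password=1 not set")


if __name__ == "__main__":
    # Constructed sample configs, one per outcome.
    for sample in ({"vncpasswd": "s3cret"}, {"vnc_no_password": 1}, {}):
        mode, _ = resolve_vnc_auth(sample)
        print(sample, "->", mode)
```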