This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Individual passwords for guest VNC servers ?

To: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Individual passwords for guest VNC servers ?
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Date: Fri, 22 Sep 2006 15:43:30 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Delivery-date: Fri, 22 Sep 2006 07:44:13 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <3AAA99889D105740BE010EB6D5A5A3B202A30D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20060922131246.GD31773@xxxxxxxxxx> <3AAA99889D105740BE010EB6D5A5A3B202A30D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i
On Fri, Sep 22, 2006 at 02:54:24PM +0100, Ian Pratt wrote:
> > Passing around passwords either on the command line, or environment is
> a
> > big red flag from a security POV. Also the Xen guest & xend config
> files
> > all default to world readable. I think we should follow the Apache
> model
> > and store the passwords out-of-band from the main config. eg
> > 
> >    (vncpasswordfile '/etc/xen/vncpassword')
> > 
> > At this point it would make sense to have one password file for all
> guests,
> > and store them in format:  'vm-name:  pw-hash'
> The new life cycle management stuff in post 3.0.3 xend changes this
> quite a bit as a config file is only used when initially creating a VM,
> and then information about it gets stored in xend's database. The
> current password associated with a VM would be one of the parameters
> stored in the database, and should be updated using 'xm vnc-password' or
> shuch like. 

As long as XenD makes sure its DB is not world readable, this sounds

> > As Ian just suggested we could have command 'xm password'  for
> updating
> > these passwords (cf apache's  htpasswd command)
> > 
> > Now when launching qemu-dm, we can either pass the path to the
> password
> > file on its command line,   eg  -passwordfile /etc/xen/password, or
> > passs the actual password to qemu-dm down a pipe (eg qemu-dm would
> read
> > the password from filehandle 3 upon startup). The latter would be my
> > preference, since then we could isolate the password handling stuff in
> > Xend, and not duplicate it in qemu-dm, and the paravirt  equivalent.
> I wouldn't rely on qemu-dm staying in dom0. I think the information
> should be passed transiently via xenstore.

Yeah, that's probably best solution particularly since qemu-dm is
already reading/writing to the xenstore it should be little work
to also fetch the password from there.

|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Xen-devel mailing list