This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] Individual passwords for guest VNC servers ?

To: "Masami Watanabe" <masami.watanabe@xxxxxxxxxxxxxx>, "Daniel P. Berrange" <berrange@xxxxxxxxxx>, "Anthony Liguori" <aliguori@xxxxxxxxxx>
Subject: RE: [Xen-devel] Individual passwords for guest VNC servers ?
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Tue, 26 Sep 2006 19:23:47 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 26 Sep 2006 11:26:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcbhQo9Oue4//0/pSNqCi3msSNpQeAAVdO3w
Thread-topic: [Xen-devel] Individual passwords for guest VNC servers ?
> Thanks all point about security, I'll do as follows.
> I thought that the point was the following two. 
> 1. Storage place of encrypted password
>   Should I store it in /etc/xen/passwd ?
>     Or, should I wait for DB of Xen that will be released in 
> the future?

The xend life cycle management patches were posted by Alistair a couple
of months back. They'll go in early in the 3.0.4 cycle.

>   In the latter case, the release time and information, I want you to
>   teach it.
>   Now, I think we have no choice but to use /etc/xen/passwd.

In the mean time, I'd just out them in the domain config file and change
the default permissions and ownership.

> 2. Method of Xen VNC Server receiving stored password
>   By way of xenstore. However, it is necessary to consider 
> xenstore-ls.

It can be passed transiently (i.e. it gets deleted from the store by
You need to be root to run xenstore-ls so I'm comfortable with this.


Xen-devel mailing list