This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: [PATCH][Take 2] VNC authentification

To: Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH][Take 2] VNC authentification
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Fri, 29 Sep 2006 09:01:23 -0500
Cc: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Delivery-date: Fri, 29 Sep 2006 07:02:04 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <JX200609291747343.1765484@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <3AAA99889D105740BE010EB6D5A5A3B202A3D2@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JX200609291747343.1765484@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20060922)
A couple comments:

Does this code actually work? You call vnc_read_when twice in the same function. The first one should never get called (it can only be called from the main loop and there can only ever be one outstanding read function).

There are a couple weird bits in the code too that I cannot reply to (your mailer is sending the attachment as a octet-stream, please inline too next time you send the patch).

Otherwise, it looks really promising!


Anthony Liguori

Masami Watanabe wrote:

This is take 2 on VNC authentification.

The specification is as mentioned at
The difference is follows.
- correction that passes information through xenstore.
- after information is read, qemu deletes information on xenstore.

Signed-off-by: Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>

Best regards,

On Tue, 26 Sep 2006 19:23:47 +0100, Ian Pratt wrote:
Thanks all point about security, I'll do as follows.
I thought that the point was the following two.

1. Storage place of encrypted password
  Should I store it in /etc/xen/passwd ?
Or, should I wait for DB of Xen that will be released in the future?
The xend life cycle management patches were posted by Alistair a couple
of months back. They'll go in early in the 3.0.4 cycle.

  In the latter case, the release time and information, I want you to
  teach it.
  Now, I think we have no choice but to use /etc/xen/passwd.
In the mean time, I'd just out them in the domain config file and change
the default permissions and ownership.

2. Method of Xen VNC Server receiving stored password
By way of xenstore. However, it is necessary to consider xenstore-ls.
It can be passed transiently (i.e. it gets deleted from the store by
You need to be root to run xenstore-ls so I'm comfortable with this.


Xen-devel mailing list

Xen-devel mailing list