WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] PATCH: 3/4: Add VNC auth support from upstream QEMU

To: Pasi Kärkkäinen <pasik@xxxxxx>
Subject: Re: [Xen-devel] PATCH: 3/4: Add VNC auth support from upstream QEMU
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Date: Tue, 30 Oct 2007 13:31:23 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
On Tue, Oct 30, 2007 at 09:53:59AM +0200, Pasi Kärkkäinen wrote:
> On Mon, Oct 29, 2007 at 09:52:47PM +0000, Daniel P. Berrange wrote:
> > This patch adds in the upstream QEMU VNC authentication code. This supports
> > the previous VNC password auth scheme, as well as the VeNCrypt protocol
> > extension. The latter allows for performing a TLS handshake, and client
> > verification of the server identity using x509 certificates. It is also
> > possible for the server to request a client certificate and validate that
> > as a simple auth scheme. The code depends on GNU TLS for SSL APIs, and the
> > configure script will auto-detect this.
>
> Might be a stupid question as I don't know what upstream QEMU VNC supports,
> but would it make sense to add user+pass authentication support (via pam) ?

This does not make much if any sense. There is no sensible mapping between
host user accounts & guest virtual machine console access. If one were to
add any further authentication to VNC, then it should be SASL based.

> UltraVNC supports this, at least against Windows/AD users.

That makes sense for UltraVNC because it is exposing the Windows desktop
sessions for users. It does not make sense for QEMU because we're not 
exposing any sessions associated with host users.


Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
