On Tue, Oct 30, 2007 at 09:53:59AM +0200, Pasi K?rkk?inen wrote:
> On Mon, Oct 29, 2007 at 09:52:47PM +0000, Daniel P. Berrange wrote:
> > This patch adds in the upstream QEMU VNC authentication code. This spports
> > the previous
> > VNC password auth scheme, as well as the VeNCrypt protocol extenion. The
> > latter allows
> > for performing a TLS handshake, and client verification of the server
> > identify using
> > x509 certificates. It is also possible for the server to request a client
> > certificate
> > and validate that as a simple auth scheme. The code depends on GNU TLS for
> > SSL APIs,
> > and the configure script will auto-detect this.
>
> Might be a stupid question as I don't know what upstream QEMU VNC supports,
> but would it make sense to add user+pass authentication support (via pam) ?
This does not make much if any sense. There is no sensible mapping between
host user accounts & guest virtual machine console access. If one were to
add any further authentication to VNC, then it should be SASL based.
> UltraVNC supports this, at least against Windows/AD users.
That makes sense for UltraVNC because it is exposing the Windows desktop
sessions for users. It does not make sense for QEMU because we're not
exposing any sessions associated with host users.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|