On Wed, Jan 23, 2008 at 04:50:39PM +0000, Samuel Thibault wrote:
> Samuel Thibault, le Wed 23 Jan 2008 16:42:33 +0000, a écrit :
> > Daniel P. Berrange, le Wed 23 Jan 2008 16:28:11 +0000, a écrit :
> > > VNC password authentication is turned on / off via the ',passwd' flag on
> > > the -vnc command line to QEMU. If password auth is on, and a zero length
> > > string is found as a password, then all logins are completely disabled -
> > > the VNC password auth code will fail all logins. If passwd auth is off on
> > > the command line, then any password stored in xenstore is irrelevant, no
> > > matter what length it is.
> >
> > Ok, so the real fix seems to be to take that flag into account (which is
> > not the case currently).
>
> Which actually boils down to applying the two patches I have proposed:
> on a xenstore read failure, an empty password is stored (which is fine
> when there is no passwd in the configuration), and hence if ',passwd'
> was given on the -vnc command line (i.e. some passwd was given in the
> configuration but it somehow didn't make through to xenstore), all
> logins will be completely disabled, so we're on the safe side.
Yes, that sounds like correct behaviour - if password goes missing from
xenstore then clients are rejected
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home