[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [PATCH][Take 2] VNC authentification

Daniel P. Berrange wrote:
On Sun, Oct 01, 2006 at 03:53:33AM +0900, Masami Watanabe wrote:
Hi Dan,

I post patch that reflects your point.
However, Now, I can not use standard VNC clients to server.
therefore, I cannot do final test. It becomes possible on next Tuesday.
Please forgive my post, it is current update.

The Python XenD bits of your latest patch all look good to me now - thanks for taking time to address the issues.

I've compiled the patches against latest Xen going into Fedora Core 6, and the password authentication does appear to be working as expected.
Only issue was that I forgot the password in the VM config file needed
to be the base64 encoded, DES-encrypted format - once I sorted that
out it worked fine.
--- a/tools/examples/xend-config.sxp    Wed Sep 27 17:49:22 2006 +0100
+++ b/tools/examples/xend-config.sxp    Sun Oct 01 02:13:06 2006 +0900
@@ -130,3 +130,7 @@
# The tool used for initiating virtual TPM migration
 #(external-migration-tool '')
+# The default password for VNC console on HVM domain.
+# Empty string is no authentication.
+(vncpasswd '')

We should add a note about this needing to be the base-64 encoded, DES encrypted password, rather than plain text.

Why even bother encrypting the password? We're using a well known DES key so there is no security here. A user must still take appropriate precautions to protect the config files. In fact, I think munging the password like this gives a false sense of security.


Anthony Liguori

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.