|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH] let management expire vnc password |
Date: | Wed, 30 Sep 2009 09:43:13 -0500 |
User-agent: | Thunderbird 2.0.0.23 (X11/20090825) |
Dan Kenigsberg wrote:
On Wed, Sep 30, 2009 at 08:49:28AM -0500, Anthony Liguori wrote:Dan Kenigsberg wrote:After a client connects to vnc server, management may wish to expire the vnc password, so that an attacker has less time to break into the vm.I don't understand what the use-case for this is.You want to basically lock out any new clients? Can't you just set the password to something random?Yes, and actually that's what we currently do. But having a random password still opens a crack for guessing it.
Is the requirement, prevent future clients from connecting to the vnc server? Essentially, disabling the vnc server?
Could we do something more direct like add a 'vnc off' monitor command? The nice thing about this approach is that we could add a flag to disconnect all connected clients since someone else wanted that feature in the past.
Can you explain the rationale for doing this though in a management tool? I'd like to better understand what sort of policy you're trying to enforce.
Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |