[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server

From: Anthony Liguori
Subject: Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server
Date: Tue, 14 Aug 2007 23:32:22 -0500

These all look good to me!


Anthony Liguori

On Mon, 2007-08-13 at 20:25 +0100, Daniel P. Berrange wrote:
> The current VNC server implementation does not have support for the
> authentication of incoming client connections. The following series
> of patches provide support for a number of alternatives, all compliant
> with the VNC protocol spec. The simplest mechanism (and the weakest)
> is the traditional VNC password scheme based on weak d3des hashing of
> an 8 byte key. The more serious mechanism uses TLS for data encryption
> of the entire session, and x509 certificates for both client and server
> authentication.
> The patches are an iteration on the previous work I posted a couple 
> of weeks ago[1]. This addresses all the issues raised in the previous
> review along with a couple of edge cases I discovered. Since TLS can be
> quite perplexing, I also included some documentation on how to setup a 
> CA, and issue client & server certs in a manner suitable for use with 
> the VNC server.
> For the basic VNC password auth, this patch should be compatible with
> any standard VNC client such as RealVNC. The TLS based auth schemes
> require a client that implements the VeNCrypt extension[2]. The client
> from the VeNCrypt[3] project of course is one example. The GTK-VNC[4]
> widget which is used by Virt Manager[5] and Vinagre [6] also support
> it, and are my primary testing platform.
> The 8 individual patches will follow shortly in replies to this mail.
> Regards,
> Dan.
> [1] http://www.mail-archive.com/address@hidden/msg11554.html
> [2] http://www.mail-archive.com/address@hidden/msg08681.html
> [3] http://sourceforge.net/projects/vencrypt/
> [4] http://gtk-vnc.sourceforge.net/
> [5] http://virt-manager.org/
> [6] http://www.gnome.org/~jwendell/vinagre/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]