[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (se

From: Paul Moore
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode
Date: Thu, 03 May 2012 16:54:48 -0400
User-agent: KMail/4.8.2 (Linux/3.3.4-gentoo; KDE/4.8.2; x86_64; ; )

On Thursday, May 03, 2012 04:54:42 PM Alexander Graf wrote:
> On 02.05.2012, at 21:32, Paul Moore wrote:
> > FIPS 140-2 requires disabling certain ciphers, including DES, which is
> > used
> > by VNC to obscure passwords when they are sent over the network.  The
> > solution for FIPS users is to disable the use of VNC password auth when
> > the
> > host system is operating in FIPS mode.
> > 
> > This patch causes qemu to emit a syslog entry indicating that VNC password
> > auth is disabled when it detects the host is running in FIPS mode, and
> > unless a VNC password was specified on the command line it continues
> > normally.  However, if a VNC password was given on the command line, qemu
> > fails with an error message to stderr explaining that VNC password auth is
> > not allowed in FIPS mode.
> I just talked to Roman about this one and he had some comments :)

I'm sure he did :)

paul moore
security and virtualization @ redhat

reply via email to

[Prev in Thread] Current Thread [Next in Thread]