[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3] vnc: disable VNC password authentication (se
Re: [Qemu-devel] [PATCH v3] vnc: disable VNC password authentication (security type 2) when in FIPS mode
Fri, 04 May 2012 08:39:38 -0400
KMail/4.8.2 (Linux/3.3.4-gentoo; KDE/4.8.2; x86_64; ; )
On Friday, May 04, 2012 09:54:17 AM Daniel P. Berrange wrote:
> On Thu, May 03, 2012 at 05:00:45PM -0400, Paul Moore wrote:
> > FIPS 140-2 requires disabling certain ciphers, including DES, which is
> > used
> > by VNC to obscure passwords when they are sent over the network. The
> > solution for FIPS users is to disable the use of VNC password auth when
> > the
> > host system is operating in FIPS mode.
> > This patch causes qemu to emit a syslog entry and a message to stderr when
> > the host system is running in FIPS mode and a VNC password was specified
> > on
> > the commend line. If the system is not running in FIPS mode, or is
> > running
> > in FIPS mode but VNC password authentication was not requested, qemu
> > operates normally.
> > Signed-off-by: Paul Moore <address@hidden>
> Reviewed-by: Dainel P. Berrange <address@hidden>
> Looks good to me now.
security and virtualization @ redhat