[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (se

From: Alexander Graf
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode
Date: Tue, 5 Jun 2012 01:17:05 +0200

On 05.06.2012, at 01:11, Anthony Liguori wrote:

> On 06/05/2012 02:16 AM, Paul Moore wrote:
>> On Sunday, June 03, 2012 08:55:42 AM Anthony Liguori wrote:
>>> This needs to be optional and disabled by default I think.  I strongly
>>> dislike  disabling a feature when a user isn't asking for it.  You can
>>> introduce a global -enable-fips-mode or something like that.
>> I'll resend the patch, but before I do I want to make sure the defaults are
>> set to whatever you find acceptable to merging and the second sentence above
>> has me a little confused; do you mean "... dislike _enabling_ a feature when 
>> a
>> user isn't asking for it."?
> I dislike *removing* a feature unless a user has explicitly asked us too.
> If a user isn't aware that fips mode is enabled, they will have no idea why 
> VNC authentication doesn't work.  I think we should let a user choice whether 
> they want QEMU to respect fips mode or not.

While I agree in general, for FIPS chances are basically negligible that you 
accidentally enable it. And if you do, the rest of your system will have gone 
mad before you notice QEMU behaving differently anyways :)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]