[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server
From: |
Anthony Liguori |
Subject: |
Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server |
Date: |
Tue, 14 Aug 2007 23:32:22 -0500 |
These all look good to me!
Regards,
Anthony Liguori
On Mon, 2007-08-13 at 20:25 +0100, Daniel P. Berrange wrote:
> The current VNC server implementation does not have support for the
> authentication of incoming client connections. The following series
> of patches provide support for a number of alternatives, all compliant
> with the VNC protocol spec. The simplest mechanism (and the weakest)
> is the traditional VNC password scheme based on weak d3des hashing of
> an 8 byte key. The more serious mechanism uses TLS for data encryption
> of the entire session, and x509 certificates for both client and server
> authentication.
>
> The patches are an iteration on the previous work I posted a couple
> of weeks ago[1]. This addresses all the issues raised in the previous
> review along with a couple of edge cases I discovered. Since TLS can be
> quite perplexing, I also included some documentation on how to setup a
> CA, and issue client & server certs in a manner suitable for use with
> the VNC server.
>
> For the basic VNC password auth, this patch should be compatible with
> any standard VNC client such as RealVNC. The TLS based auth schemes
> require a client that implements the VeNCrypt extension[2]. The client
> from the VeNCrypt[3] project of course is one example. The GTK-VNC[4]
> widget which is used by Virt Manager[5] and Vinagre [6] also support
> it, and are my primary testing platform.
>
> The 8 individual patches will follow shortly in replies to this mail.
>
> Regards,
> Dan.
>
> [1] http://www.mail-archive.com/address@hidden/msg11554.html
> [2] http://www.mail-archive.com/address@hidden/msg08681.html
> [3] http://sourceforge.net/projects/vencrypt/
> [4] http://gtk-vnc.sourceforge.net/
> [5] http://virt-manager.org/
> [6] http://www.gnome.org/~jwendell/vinagre/
- [Qemu-devel] PATCH 0/8: Authentication support for the VNC server, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 1/8: Refactor VNC server setup API, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 2/8: Extend monitor 'change' command for VNC, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 3/8: VNC password authentication, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 4/8: VeNCrypt basic TLS support, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 5/8: x509 certificate for server, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 6/8: x509 client certificate verification, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 7/8: custom location for x509 cert paths, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 8/8: document all VNC authentication options, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server,
Anthony Liguori <=