Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire


From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
Date: Tue, 02 Nov 2010 12:15:26 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100827 Red Hat/3.1.3-1.el6 Thunderbird/3.1.3

  Hi,

How does password expiration help with security at all?

VNC passwords are obviously rather weak, so if you can limit
the time the password is valid to the window in which you
are expecting the incoming VNC connection this limits the
time to attack the VNC password. A mgmt tool could do

   - Set a VNC password
   - Open the VNC connection
   - Clear the VNC password

If anything goes wrong in the mgmt tool at step 2 though,
then it may never get to step 3, leaving the VNC server accessible.
If it had set a password expiry at step 1, it would have a
safety net that guarantees the password will be invalid after
'n' seconds, even if not explicitly cleared. Given how little
code this is in QEMU, I think it is a worthwhile feature.

Anthony? Do you agree? If so I have an updated tree to pull from for you (rebased to latest master, added sign-offs, otherwise unmodified).

thanks,
  Gerd

The following changes since commit 7d72e76228351d18a856f1e4f5365b59d3205dc3:

  intel-hda: documentation update (2010-11-02 00:41:04 +0300)

are available in the git repository at:
  git://anongit.freedesktop.org/spice/qemu passwd.2

Gerd Hoffmann (3):
      vnc: auth reject cleanup
      vnc: support password expire
      vnc/spice: add set_passwd monitor command.

 console.h       |    2 +-
 hmp-commands.hx |   23 ++++++++++++++++++++
 monitor.c       |   61 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 ui/qemu-spice.h |    3 ++
 ui/spice-core.c |    7 ++++++
 ui/vnc.c        |   43 +++++++++++++++++++++++---------------
 ui/vnc.h        |    1 +
 7 files changed, 120 insertions(+), 20 deletions(-)
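
The safety-net argument quoted in the message above, as an added example that is not code from this patch series or from QEMU: a small C model of a server-side password with an optional expiry time, run through the case where the management tool fails at step 2 and never clears the password. All names (`pw_state`, `pw_set`, `pw_check`, `accepted_after_failed_step2`) are hypothetical, and the direct secret comparison stands in for VNC's challenge-response exchange.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical model of the server's password state (names are assumptions). */
struct pw_state {
    char   password[9];  /* classic VNC auth uses at most 8 characters */
    int    is_set;       /* 0: no password, every attempt is rejected */
    time_t expires;      /* 0: never expires */
};

/* Step 1: set the password; ttl > 0 arms the expiry safety net. */
void pw_set(struct pw_state *s, const char *pw, time_t now, time_t ttl)
{
    memset(s, 0, sizeof(*s));
    strncpy(s->password, pw, sizeof(s->password) - 1);
    s->is_set = 1;
    s->expires = ttl > 0 ? now + ttl : 0;
}

/* Step 3: explicit clear by the management tool. */
void pw_clear(struct pw_state *s) { memset(s, 0, sizeof(*s)); }

/* Returns 1 to accept. Real VNC auth is challenge-response; the secret is
 * compared directly here so the example stays on the expiry check. */
int pw_check(const struct pw_state *s, const char *attempt, time_t now)
{
    unsigned char diff = 0;
    size_t i, n = strlen(attempt);
    if (!s->is_set || (s->expires != 0 && now >= s->expires) ||
        n != strlen(s->password))
        return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(attempt[i] ^ s->password[i]);
    return diff == 0;
}

/* The tool completes step 1, fails at step 2 and never reaches step 3.
 * Returns whether the password is still accepted `elapsed` seconds later. */
int accepted_after_failed_step2(time_t ttl, time_t elapsed)
{
    struct pw_state s;
    time_t t0 = 1000;               /* constructed start time */
    pw_set(&s, "s3cret", t0, ttl);  /* pw_clear() is never called */
    return pw_check(&s, "s3cret", t0 + elapsed);
}
int main(void)
{
    printf("no expiry, 1 day later:   %d\n", accepted_after_failed_step2(0, 86400));
    printf("30s expiry, 1 hour later: %d\n", accepted_after_failed_step2(30, 3600));
}
```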


