[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] PATCH 0/8: Authentication support for the VNC server
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] PATCH 0/8: Authentication support for the VNC server |
Date: |
Mon, 13 Aug 2007 20:25:17 +0100 |
User-agent: |
Mutt/1.4.1i |
The current VNC server implementation does not have support for the
authentication of incoming client connections. The following series
of patches provide support for a number of alternatives, all compliant
with the VNC protocol spec. The simplest mechanism (and the weakest)
is the traditional VNC password scheme based on weak d3des hashing of
an 8 byte key. The more serious mechanism uses TLS for data encryption
of the entire session, and x509 certificates for both client and server
authentication.
The patches are an iteration on the previous work I posted a couple
of weeks ago[1]. This addresses all the issues raised in the previous
review along with a couple of edge cases I discovered. Since TLS can be
quite perplexing, I also included some documentation on how to setup a
CA, and issue client & server certs in a manner suitable for use with
the VNC server.
For the basic VNC password auth, this patch should be compatible with
any standard VNC client such as RealVNC. The TLS based auth schemes
require a client that implements the VeNCrypt extension[2]. The client
from the VeNCrypt[3] project of course is one example. The GTK-VNC[4]
widget which is used by Virt Manager[5] and Vinagre [6] also support
it, and are my primary testing platform.
The 8 individual patches will follow shortly in replies to this mail.
Regards,
Dan.
[1] http://www.mail-archive.com/address@hidden/msg11554.html
[2] http://www.mail-archive.com/address@hidden/msg08681.html
[3] http://sourceforge.net/projects/vencrypt/
[4] http://gtk-vnc.sourceforge.net/
[5] http://virt-manager.org/
[6] http://www.gnome.org/~jwendell/vinagre/
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
- [Qemu-devel] PATCH 0/8: Authentication support for the VNC server,
Daniel P. Berrange <=
- Re: [Qemu-devel] PATCH 1/8: Refactor VNC server setup API, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 2/8: Extend monitor 'change' command for VNC, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 3/8: VNC password authentication, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 4/8: VeNCrypt basic TLS support, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 5/8: x509 certificate for server, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 6/8: x509 client certificate verification, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 7/8: custom location for x509 cert paths, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 8/8: document all VNC authentication options, Daniel P. Berrange, 2007/08/13
- Re: [Qemu-devel] PATCH 0/8: Authentication support for the VNC server, Anthony Liguori, 2007/08/15