[Qemu-devel] PATCH 0/8: Authentication support for the VNC server

[Daniel P. Berrange]

The current VNC server implementation does not have support for the
authentication of incoming client connections. The following series
of patches provide support for a number of alternatives, all compliant
with the VNC protocol spec. The simplest mechanism (and the weakest)
is the traditional VNC password scheme based on weak d3des hashing of
an 8 byte key. The more serious mechanism uses TLS for data encryption
of the entire session, and x509 certificates for both client and server
authentication.

The patches are an iteration on the previous work I posted a couple 
of weeks ago[1]. This addresses all the issues raised in the previous
review along with a couple of edge cases I discovered. Since TLS can be
quite perplexing, I also included some documentation on how to setup a 
CA, and issue client & server certs in a manner suitable for use with 
the VNC server.

For the basic VNC password auth, this patch should be compatible with
any standard VNC client such as RealVNC. The TLS based auth schemes
require a client that implements the VeNCrypt extension[2]. The client
from the VeNCrypt[3] project of course is one example. The GTK-VNC[4]
widget which is used by Virt Manager[5] and Vinagre [6] also support
it, and are my primary testing platform.

The 8 individual patches will follow shortly in replies to this mail.

Regards,
Dan.

[1] http://www.mail-archive.com/address@hidden/msg11554.html
[2] http://www.mail-archive.com/address@hidden/msg08681.html
[3] http://sourceforge.net/projects/vencrypt/
[4] http://gtk-vnc.sourceforge.net/
[5] http://virt-manager.org/
[6] http://www.gnome.org/~jwendell/vinagre/
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|