Re: [Xen-devel] Individual passwords for guest VNC servers ?

On Fri, Sep 22, 2006 at 02:54:24PM +0100, Ian Pratt wrote:
> > Passing around passwords either on the command line, or environment is a
> > big red flag from a security POV. Also the Xen guest & xend config files
> > all default to world readable. I think we should follow the Apache model
> > and store the passwords out-of-band from the main config. eg
> >
> >   (vncpasswordfile '/etc/xen/vncpassword')
> >
> > At this point it would make sense to have one password file for all guests,
> > and store them in format: 'vm-name: pw-hash'
>
> The new life cycle management stuff in post 3.0.3 xend changes this
> quite a bit as a config file is only used when initially creating a VM,
> and then information about it gets stored in xend's database. The
> current password associated with a VM would be one of the parameters
> stored in the database, and should be updated using 'xm vnc-password' or
> such like.

As long as XenD makes sure its DB is not world readable, this sounds reasonable.

> > As Ian just suggested we could have command 'xm password' for updating
> > these passwords (cf apache's htpasswd command)
> >
> > Now when launching qemu-dm, we can either pass the path to the password
> > file on its command line, eg -passwordfile /etc/xen/password, or
> > pass the actual password to qemu-dm down a pipe (eg qemu-dm would read
> > the password from filehandle 3 upon startup). The latter would be my
> > preference, since then we could isolate the password handling stuff in
> > Xend, and not duplicate it in qemu-dm, and the paravirt equivalent.
>
> I wouldn't rely on qemu-dm staying in dom0. I think the information
> should be passed transiently via xenstore.

Yeah, that's probably the best solution, particularly since qemu-dm is already
reading/writing to the xenstore: it should be little work to also fetch the
password from there.

Dan,

-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
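The out-of-band password store the thread sketches (one file for all guests, 'vm-name: pw-hash' lines, an htpasswd-style update command, and the requirement that the store not be world readable), as an added example that is not part of the original message and is not xend or qemu-dm code. The hash string format (pbkdf2-sha256$iterations$salt$digest), the 0600 mode check, the atomic rewrite and all function names are assumptions; the thread fixes only the file layout and the non-world-readable requirement.

```python
"""
Out-of-band VNC password store in 'vm-name: pw-hash' format.

Added example, not xend/qemu-dm code.  Assumptions (not from the thread):
the hash encoding, the 0600-only policy enforced on read, and the
atomic-rewrite helper used by the htpasswd-style update function.
"""
import hashlib
import hmac
import os
import secrets
import stat
import tempfile

ITERATIONS = 100_000


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing hash: pbkdf2-sha256$iters$salt$hexdigest."""
    if salt is None:
        salt = secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()
    return "pbkdf2-sha256$%d$%s$%s" % (iterations, salt, digest)


def verify_password(password, stored):
    """Constant-time compare of a candidate password against a stored hash."""
    try:
        algo, iters, salt, digest = stored.split("$")
        iters = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2-sha256":
        return False
    calc = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iters).hex()
    return hmac.compare_digest(calc, digest)


def parse_password_file(text):
    """Parse 'vm-name: pw-hash' lines; blanks and '#' comments are ignored."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError("line %d: expected 'vm-name: pw-hash'" % lineno)
        name, pw_hash = line.split(":", 1)
        entries[name.strip()] = pw_hash.strip()
    return entries


def format_password_file(entries):
    return "".join("%s: %s\n" % (n, h) for n, h in sorted(entries.items()))


def check_file_mode(path):
    """Refuse to use a store that group or other can read (the thread's concern)."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise OSError("%s: not a regular file" % path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s: must be mode 0600, is %o" % (path, stat.S_IMODE(st.st_mode)))
    return True


def load_password_file(path):
    check_file_mode(path)
    with open(path) as f:
        return parse_password_file(f.read())


def save_password_file(path, entries):
    """Create with mode 0600 from the start and rename into place atomically."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(format_password_file(entries))
    os.replace(tmp, path)


def set_vm_password(path, vm, password):
    """The 'xm vnc-password'-style update: rehash one guest's entry, rewrite store."""
    entries = load_password_file(path) if os.path.exists(path) else {}
    entries[vm] = hash_password(password)
    save_password_file(path, entries)
    return entries


def check_vm_password(path, vm, password):
    entries = load_password_file(path)
    stored = entries.get(vm)
    return stored is not None and verify_password(password, stored)


def demo():
    """Round trip in a temp dir; returns (good, bad, unknown_vm, refused_world_readable)."""
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "vncpassword")      # stands in for /etc/xen/vncpassword
        set_vm_password(store, "guest1", "s3cret")
        set_vm_password(store, "guest2", "other")
        good = check_vm_password(store, "guest1", "s3cret")
        bad = check_vm_password(store, "guest1", "wrong")
        unknown = check_vm_password(store, "guest3", "s3cret")
        os.chmod(store, 0o644)                        # simulate a world-readable store
        try:
            check_vm_password(store, "guest1", "s3cret")
            refused = False
        except PermissionError:
            refused = True
        return good, bad, unknown, refused


if __name__ == "__main__":
    print(demo())
```

Reading the store only after check_file_mode() passes means a misconfigured file is refused rather than silently used, which is the check the thread asks xend to make on its own database; qemu-dm never sees the file at all, consistent with the suggestion that the password reach it via xenstore or a pipe rather than the command line.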