Re: [Xen-devel] ioemu: empty vnc passwd
On Wednesday 23 January 2008 17:28:11 Daniel P. Berrange wrote:
> On Wed, Jan 23, 2008 at 05:19:33PM +0100, Christoph Egger wrote:
> > If we do a debug build let us assume we are in a testing environment.
> > There an empty vnc password is ok.
> > If we don't make a debug build, let us assume we are in a production
> > environment where an empty vnc password is a security risk.
>
> That logic is flawed. VNC may be configured to use TLS +x509 certificates
> which provide real security. A VNC passwd is not really very credible
> security whether it's zero or 8 chars in length. It shouldn't try to
> second guess what an admin wants.

That's right. vnc-auth is nothing. TLS (vnc security type 18) and Tight
(vnc security type 16) are much better.

> VNC password authentication is turned on / off via the ',passwd' flag on
> the -vnc command line to QEMU. If password auth is on, and a zero length
> string is found as a password, then all logins are completely disabled -
> the VNC password auth code will fail all logins. If passwd auth is off on
> the command line, then any password stored in xenstore is irrelevant, no
> matter what length it is.
>
> Dan.

--
AMD Saxony, Dresden, Germany
Operating System Research Center

Legal Information:
AMD Saxony Limited Liability Company & Co. KG
Registered office (business address): Wilschdorfer Landstr. 101, 01109 Dresden, Germany
Register court Dresden: HRA 4896
General partner authorized to represent: AMD Saxony LLC (registered office Wilmington, Delaware, USA)
Managing directors of AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy