[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [RFC] xl: support configuration of encrypted VNC
On Thu, 2011-12-15 at 13:29 +0000, Pasi KÃrkkÃinen wrote: > On Thu, Dec 15, 2011 at 12:25:36PM +0000, Ian Campbell wrote: > > Someone pointed out that it's not possible to configure encrypted vnc > > via xl, while it is possible via xm. This is obviously quite nice to > > have if you are logging in as root... > > > > The following is my initial attempt but TBH I'm not sure if this is > > presenting the correct interface at either the libxl or xl level. Since > > I don't actually use this stuff myself I'm finding it a bit hard to > > judge how much flexibility is needed or even what the right names/terms > > for things are. Opinions? > > > > Enabling basic TLS is simple enough but the x509 auth stuff is more > > complicated and I expect a bit of a docs tarpit (references below). > > > > I didn't do upstream qemu, stub qemu or vfb yet (there's a bunch of > > yacks in this regard, not least factoring out the duplication). Upstream > > qemu supports a few more options (e.g. sasl, see qemu(1)). SASL adds > > more complexity since it can be used with or without the x509 options > > depending on your needs and the specific SASL config you have in place > > for qemu which complexifies all the interfaces. > > > > Notes to be turned into docs in the final version: > > > > Clients seem thin on the ground, neither xtightvncviewer nor vnc4viewer > > support TLS. gvncviewer does seem to support all options. > > > > I guess it makes sense to mention 'virt-viewer' in this list aswell.. I couldn't figure out how to make it speak direct to a vnc port as opposed to needing libvirt and all that. > > -- Pasi > > > http://virt-manager.org/page/RemoteTLS has a bit of stuff and some > > useful links. In particular to http://libvirt.org/remote.html which has > > a reasonable description of how to generate appropriate certs. On the > > server I ended up with: > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |