Re: Implementing VNC per VM access control lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 07, 2011 at 11:56:30AM +0000, Neil Wilson wrote:
> On Fri, 2011-01-07 at 11:47 +0000, Daniel P. Berrange wrote:
> 
> > > The option only really makes sense if either vnc_tls_x509_verify or
> > > vnc_sasl is set as well, so it may be worth only activating 'acl' in the
> > > code if either of those two are also on.
> > 
> > If you enable 'acl' and don't add any rules to the ACL, then
> > no one will be able to connect. So we can't automatically
> > add ',acl' when either of those two options you mention are
> > present, because that would break all existing usage.
> 
> Yes. I'm not suggesting automatically. That obviously wouldn't work.
> What I was asking is if vnc_acl=1 should it add it regardless of the
> other options or only when either 'vnc_sasl=1' or
> 'vnc_tls_x509_verify=1' as well.

I don't think it matters either way really, since its just shifting
who is ignoring it. Either libvirtd ignores it when sasl/tls aren't
active, or qemu will ignore it.

Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]