Re: TightVNC feature has been renamed to TigerVNC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 04, 2009 at 06:38:01AM -0500, Adam Tkac wrote:
> On Wed, Mar 04, 2009 at 12:10:13PM +0000, Daniel P. Berrange wrote:
> > Do you have any plans to implement the VeNCrypt extension in the 
> > server side ? This is the TLS/SSL + x509 certificate extension we
> > have standardized on for QEMU, Xen, KVM and GTK-VNC (used by 
> > virt-viewer, virt-manager and vinagre clients). I would also like
> > to add it to the GNOME VINO, since VINO's own TLS extension is flawed
> > by not using x509 credentials. That leaves TigerVNC without a good
> > interoperable TLS extension, so it'd be desriable to implement VeNCrypt
> > there so we have a consistent TLS extension that's interoperable
> > across all the VNC clients & servers in Fedora.
> 
> Yes, we are interested in VeNCrypt extension and we think that this
> is the best approach for encrypted sessions. There are some patches
> based on gnutls so we can probably use them. Main reason why they are
> still not in upstream is that we would like to use libnss instead of
> gnutls. But we will use gnutls based patches before libnss based
> support will be ready.
> 
> Btw could you point me if there is any documentation of VeNCrypt
> instead of source code, please? ;)

Stewart Becker (who wrote VeNCrypt) sent a mail to qemu-devel outlining
the spec for it:

  http://www.mail-archive.com/qemu-devel@xxxxxxxxxx/msg08681.html

The only change since that time is that he allocated two more
sub-auth codes for layering the new SASL auth over VeNCrypt

   263: X509SASL
   264: TLSSASL

> > Following on from that I also recently defined & implemented another
> > VNC auth extension based on SASL. This provides for a good extendable
> > authentication capability, most importantly including GSSAPI Kerberos
> > for single sign on. I've got it implemented for QEMU, KVM, GTK-VNC and
> > VINO already, so again it'd be good to plan for adding it to TigerVNC
> > too so we have a widely interoperable strong authentication system.
> 
> I know about SASL authentication (I'm subscribed to vnc-list ;)).
> But we haven't discussed it, yet.

Ok, i'm happy to help out and/or advise with this when the time comes 

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux