This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Individual passwords for guest VNC servers ?

To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: Re: [Xen-devel] Individual passwords for guest VNC servers ?
From: "George Dunlap" <dunlapg@xxxxxxxxx>
Date: Thu, 31 Aug 2006 11:43:22 -0400
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Delivery-date: Thu, 31 Aug 2006 08:43:49 -0700
In-reply-to: <20060831013840.GB22345@xxxxxxxxxx>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
References: <20060816181153.GC25831@xxxxxxxxxx> <20060825004436.GL809@xxxxxxxxxx> <JC2006083110235610.59547031@xxxxxxxxxxxxxx> <20060831013840.GB22345@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 8/30/06, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> I think we should be secure by default - if they omit the password then
> we should either generate one - and store it in xenstore, or refuse to
> activate VNC server. If we really really want to allow no passwords, then
> admin could have to explicitly request it with vnc_no_password=1
> in the config file - but my preference is still that we should flat out
> refuse to allow an empty password - in this day & age it's just plain wrong.
> RealVNC server for example, refuses to allow empty password.

IMHO this kind of "I'll make you do this for your own good" is a bug,
not a feature.

When I run a VNC server, I typically have it bound to accept
connections only from localhost, then I SSH tunnel in.  I'm the only
one using the box, so I know that no one else can log in. Being forced
to have a password when I'm already using much stronger authentication
is an annoyance and a waste of my time.

You can imagine other situations where the administrator knows that
having no password is as secure as he needs it -- on an internal
network or VPN, for instance.  Or, a single user on a local machine.
If I've got the box sitting in front of me, no one else can log in,
and I type "xm create -f hvm.cfg", why should I have to type a

Having the "vnc_no_password" option is my preference; it encourages
right behavior where appropriate, but leaves the administrator the
option to make an informed decision.


Xen-devel mailing list
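
The policy debated in this thread, as an added example that is not part of the original message or of Xen's code: an explicit password is used as given, `vnc_no_password=1` is the administrator's informed opt-out, and an omitted password is either replaced by a generated one or refused. The config key `vncpasswd`, the `store` callback (standing in for a xenstore write) and all function names are assumptions.

```python
import secrets
import string

# Classic VNC authentication keys its DES challenge with at most 8 password bytes,
# so a longer generated password would add nothing.
VNC_PASSWORD_LEN = 8
_ALPHABET = string.ascii_letters + string.digits


class VncConfigError(ValueError):
    """Raised when VNC would start without an explicit authentication decision."""


def resolve_vnc_auth(cfg, on_missing="generate", store=None):
    """Return (mode, password) for a guest config dict.

    cfg keys: 'vnc', 'vncpasswd' (assumed key name), 'vnc_no_password' (from the thread).
    on_missing: 'generate' or 'refuse', the two defaults proposed in the quoted mail.
    store: hypothetical callback standing in for a xenstore write.
    """
    if not cfg.get("vnc"):
        return ("disabled", None)

    password = cfg.get("vncpasswd") or ""
    no_password = str(cfg.get("vnc_no_password", 0)) == "1"

    if password and no_password:
        raise VncConfigError("vncpasswd and vnc_no_password=1 are contradictory")
    if password:
        return ("password", password)
    if no_password:
        # Explicit opt-out: the administrator decided no password is needed.
        return ("none", None)
    if on_missing == "refuse":
        raise VncConfigError(
            "VNC enabled without a password; set one or vnc_no_password=1")

    # Secure default: generate a random password and hand it to the store.
    generated = "".join(secrets.choice(_ALPHABET) for _ in range(VNC_PASSWORD_LEN))
    if store is not None:
        store("vncpasswd", generated)
    return ("generated", generated)
```
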