Re: [Xen-devel] Individual passwords for guest VNC servers ?
On 8/30/06, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> I think we should be secure by default - if they omit the password then
> we should either generate one - and store it in xenstore, or refuse to
> activate VNC server. If we really really want to allow no passwords, then
> admin could have to explicitly request it with vnc_no_password=1 in the
> config file - but my preference is still that we should flat out refuse to
> allow an empty password - in this day & age it's just plain wrong. RealVNC
> server for example, refuses to allow empty password.

IMHO this kind of "I'll make you do this for your own good" is a bug, not a feature.

When I run a VNC server, I typically have it bound to accept connections only from localhost, then I SSH tunnel in. I'm the only one using the box, so I know that no one else can log in. Being forced to have a password when I'm already using much stronger authentication is an annoyance and a waste of my time.

You can imagine other situations where the administrator knows that having no password is as secure as he needs it -- on an internal network or VPN, for instance. Or, a single user on a local machine. If I've got the box sitting in front of me, no one else can log in, and I type "xm create -f hvm.cfg", why should I have to type a password?

Having the "vnc_no_password" option is my preference; it encourages right behavior where appropriate, but leaves the administrator the option to make an informed decision.

-George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
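The policy debated in this thread, as an added example that is not part of the original message and is not Xen's code: an omitted password either gets generated or causes a refusal, unless the administrator opts out explicitly. Only `vnc_no_password` comes from the thread; the `vnc` and `vncpasswd` key names, the function names and the sample configs are assumptions made for illustration.

```python
import ast
import secrets
import string

GENERATED_LEN = 8  # classic VNC authentication uses at most 8 password characters

# Constructed sample guest configs (illustrative, not taken from the thread).
CFG_NO_PASSWORD = "vnc = 1\n"
CFG_OPT_OUT = "vnc = 1\nvnc_no_password = 1\n"
CFG_WITH_PASSWORD = 'vnc = 1\nvncpasswd = "s3cretpw"\n'


def parse_cfg(text):
    """Collect `name = literal` assignments without executing the config file."""
    cfg = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                cfg[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # ignore right-hand sides that are not plain literals
    return cfg


def resolve_vnc_auth(cfg, on_missing="generate"):
    """Return (mode, password); mode is 'disabled', 'password', 'none' or 'generated'.

    on_missing selects between the two secure defaults proposed in the thread:
    'generate' creates a random password (the caller would then publish it to
    the admin, e.g. via xenstore); 'refuse' raises instead of starting VNC.
    """
    if not cfg.get("vnc"):
        return ("disabled", None)
    password = cfg.get("vncpasswd") or ""
    if password:
        return ("password", password)
    if cfg.get("vnc_no_password") == 1:
        # Explicit, informed opt-out: the only path to an unauthenticated server.
        return ("none", None)
    if on_missing == "generate":
        alphabet = string.ascii_letters + string.digits
        generated = "".join(secrets.choice(alphabet) for _ in range(GENERATED_LEN))
        return ("generated", generated)
    raise ValueError("VNC enabled with no password: set vncpasswd or vnc_no_password=1")
```
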