
Re: [Xen-devel] [RFC] xl: support configuration of encrypted VNC



On Thu, Dec 15, 2011 at 12:25:36PM +0000, Ian Campbell wrote:
> Someone pointed out that it's not possible to configure encrypted vnc
> via xl, while it is possible via xm. This is obviously quite nice to
> have if you are logging in as root...
> 
> The following is my initial attempt but TBH I'm not sure if this is
> presenting the correct interface at either the libxl or xl level. Since
> I don't actually use this stuff myself I'm finding it a bit hard to
> judge how much flexibility is needed or even what the right names/terms
> for things are. Opinions?
> 
> Enabling basic TLS is simple enough but the x509 auth stuff is more
> complicated and I expect a bit of a docs tarpit (references below).
> 
> I didn't do upstream qemu, stub qemu or vfb yet (there's a bunch of
> yacks in this regard, not least factoring out the duplication). Upstream
> qemu supports a few more options (e.g. sasl, see qemu(1)). SASL adds
> more complexity since it can be used with or without the x509 options
> depending on your needs and the specific SASL config you have in place
> for qemu which complexifies all the interfaces.
> 
> Notes to be turned into docs in the final version:
> 
> Clients seem thin on the ground, neither xtightvncviewer nor vnc4viewer
> support TLS. gvncviewer does seem to support all options.
> 

I guess it makes sense to mention 'virt-viewer' in this list as well..

-- Pasi

> http://virt-manager.org/page/RemoteTLS has a bit of stuff and some
> useful links. In particular to http://libvirt.org/remote.html which has
> a reasonable description of how to generate appropriate certs.  On the
> server I ended up with:
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

