These all look good to me! Regards,
Anthony Liguori On Mon, 2007-08-13 at 20:25 +0100, Daniel P. Berrange wrote: > The current VNC server implementation does not have support for the > authentication of incoming client connections. The following series > of patches provide support for a number of alternatives, all compliant > with the VNC protocol spec. The simplest mechanism (and the weakest) > is the traditional VNC password scheme based on weak d3des hashing of > an 8 byte key. The more serious mechanism uses TLS for data encryption > of the entire session, and x509 certificates for both client and server > authentication. > > The patches are an iteration on the previous work I posted a couple > of weeks ago[1]. This addresses all the issues raised in the previous > review along with a couple of edge cases I discovered. Since TLS can be > quite perplexing, I also included some documentation on how to setup a > CA, and issue client & server certs in a manner suitable for use with > the VNC server. > > For the basic VNC password auth, this patch should be compatible with > any standard VNC client such as RealVNC. The TLS based auth schemes > require a client that implements the VeNCrypt extension[2]. The client > from the VeNCrypt[3] project of course is one example. The GTK-VNC[4] > widget which is used by Virt Manager[5] and Vinagre [6] also support > it, and are my primary testing platform. > > The 8 individual patches will follow shortly in replies to this mail. > > Regards, > Dan. > > [1] http://www.mail-archive.com/qemu-devel@nongnu.org/msg11554.html > [2] http://www.mail-archive.com/qemu-devel@nongnu.org/msg08681.html > [3] http://sourceforge.net/projects/vencrypt/ > [4] http://gtk-vnc.sourceforge.net/ > [5] http://virt-manager.org/ > [6] http://www.gnome.org/~jwendell/vinagre/
