David Jaša píše v St 17. 10. 2012 v 10:11 +0200: > Dead Horse píše v Út 16. 10. 2012 v 21:51 -0500: > > The point is valid on the random passwords in a secured environment. > > However that being said the randomly generated password does make it a > > pain when interacting with HTML5 based clients (SPICE or VNC) or any > > standalone client for that matter. > > > > Web client: > * if it is integrated with UP/webadmin, the portal should give it > password in exactly the same as it gives the password to the > plugin > * if it is not tied to any portal, then you should be able to > issue XMLHttpRequest to the REST API asking for password and > extract the temporary password from the reply (IIUC it has to > engage rest api anyway to get host/port/sport/ca/subject info)
Actually, you can't get all the necessary info via REST API as a regular user (user with no admin role): https://bugzilla.redhat.com/show_bug.cgi?id=867513 but that will be fixed soon hopefully. David > > Standalone application can engage REST too: > http://cfergeau.blogspot.cz/2012/07/outside-boxes.html > > > > At the very least can this to be made to be configurable? The default > > can be as is but at the very least allow for configurable VNC or SPICE > > passwords if so desired.. > > > > Curiously I know that the Web UI does not allow for this now but is it > > possible to change the password policies via any existing engine or > > vdsm configurations/parameters? > > EG: > > - default 120 second password re-generation, can this be altered? > > - fixed vs randomly generated password? > > > > in the REST API, you can configure password validity per request (using > <expiry> tag) > > > A side note are there any plans of the horizon for integrating support > > or allowing for interaction with HTML5 based clients mostly VNC but > > with new SPICE HTML5 client? > > I seem to recall RFEs for that (both novnc and spice html5) but I've got > no idea if there is somebody actually working on them. > > David > > > > > - DHC > > > > On Fri, Oct 12, 2012 at 9:42 AM, David Jaša <[email protected]> wrote: > > Hi, > > > > Dead Horse píše v Čt 11. 10. 2012 v 12:00 -0500: > > > Would like to make a couple of small feature requests. > > > > > > 1) Allow for the SPICE or VNC password to be set in the UI > > by admin's > > > or power users. > > > Benefit: (Assumes spice SSL has been disabled) allows user > > or admin to > > > set a password for access by a standalone remote session via > > vncviewer > > > or remote-viewer or the spice html5 implementation which is > > WIP, or > > > standalone HW thin client > > > - This may also assume that vdsm is running with SSL > > disabled as well > > > to have had vdsm make the neccesary changes to the qemu > > spice > > > configuration > > > > > > Drawback: users can choose repetitive and/or weak passwords. > > Generating > > a new random password for each connection is the best thing > > from > > security POV in my opinion. > > > > > > > > 2) Display currently configured OR generated password and > > IP/Port for > > > either VNC or SPICE console of the VM within the PUP and > > Admin UI > > > Benefit: At the very least a standalone remote client can be > > used to > > > connect once the password and IP/PORT is known for spice or > > VNC > > > - Currently VNC will display a dialog that shows the this > > info but it > > > would be more useful to have it displayed in the UI given > > proper > > > privilege > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=843397 > > https://bugzilla.redhat.com/show_bug.cgi?id=843410 > > > > > > > > 3) Display the UUID of a VM in the Admin UI (similar to the > > how the > > > disks tab breaks down and shows DISK UUID mappings) > > > - Benefit: Easier for administrators to map UUID to VM > > config file > > > data in the data stores or export domains > > > > > > IMO full uuid should be displayed in General subtab only > > because it's > > too long to have it as a column. > > > > It would be nice to see it in a column though in some > > shortened form > > because it could probably enable relaxing of > > unique-name-of-VM-in-whole-setup restriction. > > > > David > > > > > > > > - DHC > > > > > > _______________________________________________ > > > Engine-devel mailing list > > > [email protected] > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > -- > > > > David Jaša, RHCE > > > > SPICE QE based in Brno > > GPG Key: 22C33E24 > > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 > > > > > > > > > > _______________________________________________ > > Engine-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/engine-devel > -- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
