On Tue, Jan 30, 2007 at 01:03:20PM +0100, Yellis Services wrote: > Hello, > > I have adapted a xen path to kvm-qemu. > This patch enable auth in vnc > > qemu ../.. -hda=/home/os.img -vnc -vncpasswd toto > > work with vncviewer on linux and Win. > Don't work with vncviewer applet via http, must be fixed.
Passing passwords around on the command line is not really a viable implementation because they can trivially be snooped by any user on the system. Likewise environment variables are not suitable. I suggest two approaches: 1. Pass the name of a file containing the password on the command line. QEMU can then read the password from this file. This is the approach taken by the regular VNC server - eg it stores a passwd in $HOME/.vnc/passwd. This passwd file can be chmod 0600 to secure it from other userseg. This is useful for a user who is laucnhing qemu process mannually and wants to make them all use a single passwd. qemu ../.. -hda=/home/os.img -vnc -vncpasswdfile /path/to/file 2. Allow the password to be passed to the QEMU process via a file descriptor. This is useful if the QEMU process is being launched by some form of management process, letting the parent process easily control the password per-QEMU process without writing out a great many files. qemu ../.. -hda=/home/os.img -vnc -vncpasswdfd 7 So in fact I think it would be very useful to implement both approaches, because they serve different use cases and I don't think there would be too much code overhead in having both supported. Aside from how you supply the initial password, the rest of the patch looks good to me. It would probably be worthwhile posting this to upstream qemu-devel too, to avoid the need for further KVM-specific fork of the codebae. Regards, Dan -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ kvm-devel mailing list kvm-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/kvm-devel