On Thursday, May 03, 2012 04:54:42 PM Alexander Graf wrote: > On 02.05.2012, at 21:32, Paul Moore wrote: > > FIPS 140-2 requires disabling certain ciphers, including DES, which is > > used > > by VNC to obscure passwords when they are sent over the network. The > > solution for FIPS users is to disable the use of VNC password auth when > > the > > host system is operating in FIPS mode. > > > > This patch causes qemu to emit a syslog entry indicating that VNC password > > auth is disabled when it detects the host is running in FIPS mode, and > > unless a VNC password was specified on the command line it continues > > normally. However, if a VNC password was given on the command line, qemu > > fails with an error message to stderr explaining that VNC password auth is > > not allowed in FIPS mode. > > I just talked to Roman about this one and he had some comments :)
I'm sure he did :) -- paul moore security and virtualization @ redhat