On 02/17/2015 09:53 AM, Daniel P. Berrange wrote: > On Tue, Feb 17, 2015 at 05:40:45PM +0100, Michal Privoznik wrote: >> So, imagine you've started a guest with ticketing enabled. You've set >> some password to access your SPICE/VNC session. However, later you >> want to give the access to somebody else's and therefore disable the >> ticketing. Come on, be imaginative! Currently, there's no way how to >> achieve this. And while there are two possible ways to fulfill the >> goal: 1) invent new monitor command to disable ticketing, or 2) let >> @password argument to 'set_password' monitor command be optional, I'm >> choosing the latter. It's easier to implement, after all. >> >> The idea behind, how this will work, is: if user issues the command >> without the password field, it means they want to disable the >> ticketing. Any subsequent call to the call with password field filled >> in, will enable the ticketing again. > > When password auth is enabled with VNC, the use of a NULL / empty string > password is explicitly intended to block access to the VNC server, by > causing the password auth to always return failure. Overloading the > 'set_password' command such that a missing password changes the auth > scheme in use is a really surprising and bad side effect. > > If we want to have the ability to change the authentication protocol > used for VNC/SPICE, then lets add a proper command for this. ie > create a 'set_graphics_auth' command to change auth protocol. This > is really better for VNC anyway, as there are far more possible auth > schemes than just password or no-password, and overloading the > 'set_password' command can't handle that.
Agreed about the need for a new command; another rationale is that making an argument optional is NOT discoverable without introspection or painful probing, but adding a new command IS easily discovered via the existing query commands that list all commands. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature