From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode
Date: Tue, 05 Jun 2012 09:23:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120422 Thunderbird/10.0.4

Hi,

>> Which gets me to a new idea. Why not exit(1) when we detect FIPS and a
>> password is set? I agree with the assessment that we should never
>> silently drop features. So the best way to make sure that the user
>> knows he did something stupid (enable FIPS, but require a non-FIPS
>> compliant authentication method) would be to just quit, no?
>
> I think my primary requirement is: allow a user to use vnc
> authentication even when fips mode is active by using some command line
> option.

That doesn't make sense to me at all. If fips is enabled by accident
just disable it. If fips is enabled intentionally I don't think qemu
should ignore it and allow to use weak vnc auth. Fips users should
set up sasl instead I guess ...

cheers,
  Gerd