qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (se

From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode
Date: Tue, 05 Jun 2012 09:23:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120422 Thunderbird/10.0.4 
  Hi,

>> Which gets me to a new idea. Why not exit(1) when we detect FIPS and a
>> password is set? I agree with the assessment that we should never
>> silently drop features. So the best way to make sure that the user
>> knows he did something stupid (enable FIPS, but require a non-FIPS
>> compliant authentication method) would be to just quit, no?
> 
> I think my primary requirement is: allow a user to use vnc
> authentication even when fips mode is active by using some command line
> option.

That doesn't make sense to me at all.  If fips is enabled by accident
just disable it.  If fips is enabled intentionally I don't think qemu
should ignore it and allow to use weak vnc auth.  Fips users should
setup sasl instead I guess ...

cheers,
  Gerd
reply via email to
[Prev in Thread] Current Thread [Next in Thread]