Message ID | 4CCFF2CE.1040902@redhat.com |
---|---|
State | New |
Headers | show |
On 11/02/10 12:15, Gerd Hoffmann wrote: > Hi, > >>> How does password expiration help with security at all? >> >> VNC passwords are obviously rather weak, so if you can limit >> the time the password is valid to the window in which you >> are expecting the incoming VNC connection this limits the >> time to attack the VNC password. A mgmt tool could do >> >> - Set a VNC password >> - Open the VNC connection >> - Clear the VNC password >> >> If anything goes wrong in the mgmt tool at step 2 though, >> then it may never to step 3, leaving the VNC server accessible. >> If it had set a password expiry at step 1, it would have a >> safety net that guarentees the password will be invalid after >> 'n' seconds, even if not explicitly cleared. Given how little >> code this is in QEMU, I think it is a worthwhile feature. > > Anthony? Do you agree? If so I have a updated tree to pull from for you > (rebased to latest master, added sign-offs, otherwise unmodified). [ ... ] > are available in the git repository at: > git://anongit.freedesktop.org/spice/qemu passwd.2 Ping? What is the status here? cheers, Gerd
On 11/09/2010 07:42 AM, Gerd Hoffmann wrote: >> are available in the git repository at: >> git://anongit.freedesktop.org/spice/qemu passwd.2 > > Ping? What is the status here? My view is that it's wrong for QEMU because it's a specific management policy that isn't generally useful. It can be easily implemented outside of QEMU. Of course, if both you and Dan disagree strongly, since this is so little code, I'll leave the final decision up to you. Regards, Anthony Liguori > cheers, > Gerd >