On Fri, 2011-01-07 at 11:47 +0000, Daniel P. Berrange wrote:
> The option only really makes sense if either vnc_tls_x509_verify
or
> vnc_sasl is set as well, so it may be worth only activating 'acl' in the
> code if either of those two are also on.
If you enable 'acl' and don't add any rules to the ACL, then
no one will be able to connect. So we can't automatically
add ',acl' when either of those two options you mention are
present, because that would break all existing usage.
Yes. I'm not suggesting automatically. That obviously wouldn't work.
What I was asking is if vnc_acl=1 should it add it regardless of the
other options or only when either 'vnc_sasl=1' or
'vnc_tls_x509_verify=1' as well.
Regards
Neil