On Thu, Jun 11, 2009 at 04:05:39AM -0400, Jim Paris wrote:
Daniel P. Berrange wrote:
On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote:
Hello everybody,
I encountered the following problem. I want my users to only be able to connect to their own virtual machines via VNC. Is there any way to do so?
The VNC authentication setup is currently being done per-host, so there is no way to define ACLs per-(user,vm) tuple as you describe.
What about the VNC password? That's per-VM, isn't it?
With KVM/QEMU, you can set a VNC password per VM. But I think it is either/or though; you can use VNC with passwords (no encryption), or use VNC with TLS, which is encrypted, but anyone with a valid certificate can connect (to any VM). Someone correct me if I'm wrong on that. -- Garry Dolley ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181 Data center, VPS, and IP Transit solutions Member Los Angeles County REACT, Unit 336 | WQGK336 Blog http://scie.nti.st