Re: [Libvirt] VNC auth per VM

On Thu, Jun 11, 2009 at 11:10:47AM +0200, Christian Weyermann wrote: > Daniel P. Berrange schrieb: > >> On Thu, Jun 11, 2009 at 04:05:39AM -0400, Jim Paris wrote: >> >> >>> Daniel P. Berrange wrote: >>> >>> >>>> On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote: >>>> >>>> >>>>> Hello everybody, >>>>> >>>>> I encountered the following problem. I want my users to only be able to >>>>> connect to their own virtual machines via VNC. Is there any way to do so? >>>>> >>>>> >>>> The VNC authentication setup is currently being done per-host, so there >>>> is no way to define ACLs per-(user,vm) tuple as you describe. >>>> >>>> >>> What about the VNC password? >>> That's per-VM, isn't it? >>> >>> >> That is true by I don't really consider VNC password to be useful. It is >> utterly insecure. If you want to have plain passwords, then its better to >> use the new SASL authentication method, with its Digest-MD5 plugin. That >> is still not top-grade security, but it is better then VNC password and >> allows configuration of arbitrary Username+pasword pairs.. At which point >> we just need ACLs against the usernames. SASL also provide Kerberos auth, >> where we can do an ACL against the Kerberos principle name. And VeNCrypt >> provides TLS+x509 certificates which you can either layer SASL over again, >> or require client x509 certs and do an ACL against the client CNAME >> > Ok, so let me sumarize: It is possible to define username+password pairs > via SASL. SASL can also sync with Kerberos. So the only problem left is, > that there is no way to assign a specific username to a VM. So, what we > need is a plugin, where we have an username and a virtual machine as > input and we need to refuse the connection, if this pair is not valid. > The VNC Server is part of libvirt, so the perfect method to add this > functionallity would be the VNC Servers authenticate or start method. > > However, a Windows user is still not able to connect as there is no > windows vnc client capable of doing SASL. > GTK-VNC builds on Windows, and so does libvirt. So the intent was that we'd be able to have virt-viewer working on Windows using those two. Oh, when I say Windows, i mean Mingw32