On Fri, Jan 07, 2011 at 11:56:30AM +0000, Neil Wilson wrote:
On Fri, 2011-01-07 at 11:47 +0000, Daniel P. Berrange wrote:
The option only really makes sense if either vnc_tls_x509_verify or vnc_sasl is set as well, so it may be worth only activating 'acl' in the code if either of those two are also on.
If you enable 'acl' and don't add any rules to the ACL, then no one will be able to connect. So we can't automatically add ',acl' when either of those two options you mention are present, because that would break all existing usage.
Yes. I'm not suggesting automatically. That obviously wouldn't work. What I was asking is if vnc_acl=1 should it add it regardless of the other options or only when either 'vnc_sasl=1' or 'vnc_tls_x509_verify=1' as well.
I don't think it matters either way really, since its just shifting who is ignoring it. Either libvirtd ignores it when sasl/tls aren't active, or qemu will ignore it. Daniel