From: Daniel Berrange <1809252@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1809252] Re: Password authentication in FIPS-compliant mode
Date: Thu, 20 Dec 2018 14:47:55 -0000
Message-ID: <154531727594.2249.17418510241473588973.malone@chaenomeles.canonical.com>
In-Reply-To: 154531078494.20640.11118060956049517137.malonedeb@wampee.canonical.com

The VNC password authentication scheme is not extensible. It is
unfixably broken by design.

QEMU provides the SASL authentication scheme for VNC which allows for
strong authentication, when combined with the VeNCrypt authentication
scheme that uses TLS.

These extensions are supported by the gtk-vnc client used by remote-
viewer, virt-viewer, virt-manager, GNOME Boxes and more.  Other VNC
clients are also known to implement VeNCrypt, though SASL support is
less widespread.

From a QEMU POV, there's nothing more we need to do really - any
remaining gaps are client side.

** Changed in: qemu
       Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1809252

Title:
  Password authentication in FIPS-compliant mode

Status in QEMU:
  Invalid

Bug description:
  The documentation states that:

  "The VNC protocol has limited support for password based
  authentication. (...) Password authentication is not supported when
  operating in FIPS 140-2 compliance mode as it requires the use of the
  DES cipher."

  Would it be possible for qemu to use a different cipher and re-enable
  password as an option in VNC console? Is there a technical reason for
  not using a stronger cipher?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1809252/+subscriptions
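
An added example, not part of the original message or of QEMU's code: a check that parses the server side of an RFB 3.7/3.8 handshake and reports whether the DES-based password scheme (security type 2) is offered alongside or instead of VeNCrypt (19) and SASL (20). The captures are constructed sample bytes, and the function names are chosen for this illustration.

```python
# Added example: classify the security types a VNC server offers (RFB 3.7/3.8).
import struct

# Security type numbers from the RFB protocol registry.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 19: "VeNCrypt", 20: "SASL"}
# Type 2 is the DES challenge-response scheme the thread calls unfixable.
WEAK = {1, 2}


def parse_server_handshake(stream: bytes):
    """Parse the server side of an RFB handshake: version, then security types."""
    if len(stream) < 13 or not stream.startswith(b"RFB ") or stream[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = int(stream[4:7]), int(stream[8:11])
    if (major, minor) < (3, 7):
        raise ValueError("RFB 3.3 sends a single U32 type; not handled here")
    count = stream[12]
    if count == 0:
        # Zero types means the server refused; a U32 length and reason follow.
        (rlen,) = struct.unpack_from(">I", stream, 13)
        reason = stream[17:17 + rlen].decode("utf-8", "replace")
        raise ConnectionError(f"server refused handshake: {reason}")
    types = list(stream[13:13 + count])
    if len(types) != count:
        raise ValueError("truncated security type list")
    return (major, minor), types


def audit(stream: bytes):
    """Return (offered type names, weak type names) for a captured handshake."""
    _, types = parse_server_handshake(stream)
    names = [SECURITY_TYPES.get(t, f"unknown({t})") for t in types]
    weak = [SECURITY_TYPES[t] for t in types if t in WEAK]
    return names, weak


# Constructed sample captures (not taken from a real server).
LEGACY = b"RFB 003.008\n" + bytes([1, 2])      # one type offered: password auth
HARDENED = b"RFB 003.008\n" + bytes([1, 19])   # one type offered: VeNCrypt

if __name__ == "__main__":
    for label, capture in (("legacy", LEGACY), ("hardened", HARDENED)):
        offered, weak = audit(capture)
        print(f"{label}: offers {offered}; weak: {weak or 'none'}")
```
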

Thread overview: 4+ messages
2018-12-20 12:59 [Qemu-devel] [Bug 1809252] [NEW] Password authentication in FIPS-compliant mode Tomasz Barański
2018-12-20 14:41 ` Eric Blake
2018-12-20 14:47 ` Daniel Berrange [this message]
2018-12-21  8:12 ` [Qemu-devel] [Bug 1809252] " Tomasz Barański
