Re: [Fedora-xen] FYI: vnc console now only accessible on 127.0.0.1 by default

["Daniel P. Berrange" <berrange redhat com>]

On Mon, Oct 02, 2006 at 09:10:51PM +0100, Daniel P. Berrange wrote:
> Just a heads-up for anyone who uses the VNC service for accessing the 
> graphical framebuffer for fully-virt & para-virt guests. As of xen-3.0.2-43

I do of course actually mean 'xen-3.0.2-42'

* Sep 29 2006 Daniel P. Berrange <berrange redhat com> - 3.0.2-42
- Added vnclisten patches to make VNC only listen on localhost
  out of the box, configurable by 'vnclisten' parameter (bz 203196)

> in rawhide, the VNC server will default to only accepting connections on 
> localhost (127.0.0.1). The reason for this change is that the VNC servers 
> do not currently[1] have any support for VNC password authentication, so 
> listening on 0.0.0.0 by default is rather a bad idea.
> 
> If you need to revert to old behaviour either set vnclisten="0.0.0.0" in
> the guest domain's config, or to change it system wide, set the vnc-listen
> parameter in /etc/xen/xend-config.sxp. I'd recommend though to just forward
> the VNC port securely over SSH instead if feasible.
> 
> Regards,
> Dan.
> 
> [1] Password support is under active development & will hopefully also
>     appear real soon now...


Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|