TightVNC feature has been renamed to TigerVNC
Daniel P. Berrange
berrange at redhat.com
Wed Mar 4 13:44:25 UTC 2009
On Wed, Mar 04, 2009 at 06:38:01AM -0500, Adam Tkac wrote:
> On Wed, Mar 04, 2009 at 12:10:13PM +0000, Daniel P. Berrange wrote:
> > Do you have any plans to implement the VeNCrypt extension in the
> > server side ? This is the TLS/SSL + x509 certificate extension we
> > have standardized on for QEMU, Xen, KVM and GTK-VNC (used by
> > virt-viewer, virt-manager and vinagre clients). I would also like
> > to add it to the GNOME VINO, since VINO's own TLS extension is flawed
> > by not using x509 credentials. That leaves TigerVNC without a good
> > interoperable TLS extension, so it'd be desriable to implement VeNCrypt
> > there so we have a consistent TLS extension that's interoperable
> > across all the VNC clients & servers in Fedora.
>
> Yes, we are interested in VeNCrypt extension and we think that this
> is the best approach for encrypted sessions. There are some patches
> based on gnutls so we can probably use them. Main reason why they are
> still not in upstream is that we would like to use libnss instead of
> gnutls. But we will use gnutls based patches before libnss based
> support will be ready.
>
> Btw could you point me if there is any documentation of VeNCrypt
> instead of source code, please? ;)
Stewart Becker (who wrote VeNCrypt) sent a mail to qemu-devel outlining
the spec for it:
http://www.mail-archive.com/qemu-devel@nongnu.org/msg08681.html
The only change since that time is that he allocated two more
sub-auth codes for layering the new SASL auth over VeNCrypt
263: X509SASL
264: TLSSASL
> > Following on from that I also recently defined & implemented another
> > VNC auth extension based on SASL. This provides for a good extendable
> > authentication capability, most importantly including GSSAPI Kerberos
> > for single sign on. I've got it implemented for QEMU, KVM, GTK-VNC and
> > VINO already, so again it'd be good to plan for adding it to TigerVNC
> > too so we have a widely interoperable strong authentication system.
>
> I know about SASL authentication (I'm subscribed to vnc-list ;)).
> But we haven't discussed it, yet.
Ok, i'm happy to help out and/or advise with this when the time comes
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the fedora-devel-list
mailing list