Re: [gtk-vnc-devel] Auth types
- From: Jonh Wendell <jwendell gnome org>
- To: gtk-vnc-devel List <gtk-vnc-devel lists sourceforge net>
- Subject: Re: [gtk-vnc-devel] Auth types
- Date: Thu, 06 Sep 2007 13:37:27 -0300
On Tue, 2007-09-04 at 21:19 +0100, Daniel P. Berrange wrote:
> On Mon, Sep 03, 2007 at 05:53:37PM -0300, Jonh Wendell wrote:
> > Hi, folks.
> >
> > Currently the widget is choosing the first auth method reported by the
> > server (vncdisplay.c::on_auth_type())
> >
> > That said, I ask what would be better:
> >
> > 1) The widget knows which auth method is safer, and chooses it
> > automatically; or
> > 2) The widget raises a signal asking the application what auth type
> > to use?
>
> To my mind, punting the decision on which auth method to choose is to a large
> extent just avoiding the real problem. Ultimately we need a criterion with
> which to choose auth method & punting it to apps ensures every app will do it
> in a different way. This will suck for compatibility.
>
> So my questions for this are basically..
>
> - What criteria will the application use for choosing authentication
> methods ?
> - How do we ensure that we can add support for new auth types in the
> widget without needing apps to fix their logic for choosing auth type ?
>
> Anthony suggests one criterion which is the level of security provided by a
> particular auth type. This would require us to rank the auth methods in some
> way and then let the app specify some minimum ranking level to accept. Not
> an easy task since it's hard to classify auth methods in a linear scale.
>
> Another criterion might be to choose based on what credentials we have, and
> or what credentials we'd prefer to use. Currently we can't do this because
> we have no way for the app to tell the widget that it doesn't have certs
> available ahead of time. So the only option is for the widget to request the
> certs & then fail - but by then it's too late. We could address this by
> allowing the app to tell the widget to blacklist auth methods which require
> particular credentials.
>
> So the app could say 'only accept an auth method requiring a password'. This
> lets the widget automatically reject any requiring x509 certs, or usernames.
>
> Taking this idea still further if the credential types were bitmasks, the
> app could say 'only accept an auth method requiring a password & cert'.
> By combining credentials it allows the app to indirectly specify some kind
> of minimum security level for the auth. So the widget would reject any auth
> method requiring merely a password.
>
> To me this kind of API is preferable to asking the app to directly choose
> amongst the auth methods. It gives the application indirect control over the
> auth methods, by allowing specification of its desired security characteristics,
> without exposing it to horrible VNC implementation details to do with auth
> schemes.
>
> Regards,
> Dan.
Well, now you managed to make me confused :)
I think this is more complicated than I had thought.
Is this as easy to implement as the raise-a-signal solution?
I was ready to start implementing this, but now, my hands are blocked :)
Cheers,
--
Jonh Wendell
jonh wendell gmail com (MSN / Google Talk)
Linux User #114432
https://launchpad.net/~wendell
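
The credential-bitmask selection Daniel describes in the quoted message, sketched in C as an added example; it is not code from this thread or from gtk-vnc. All names (`CRED_*`, `AUTH_*`, `struct auth_policy`, `choose_auth`) and the method-to-credential table are hypothetical, and the method ids are constructed rather than RFB wire values.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical credential bits (not gtk-vnc's API). */
enum { CRED_PASSWORD = 1 << 0, CRED_USERNAME = 1 << 1, CRED_X509 = 1 << 2 };

/* Constructed method ids for this example, not RFB wire values. */
enum { AUTH_INVALID = -1, AUTH_OPEN, AUTH_PASSWORD, AUTH_USER_PASSWORD,
       AUTH_X509_PASSWORD, AUTH_COUNT };

/* Widget-side table: credentials each method requires (assumed mapping). */
static const unsigned auth_requires[AUTH_COUNT] = {
    [AUTH_OPEN]          = 0,
    [AUTH_PASSWORD]      = CRED_PASSWORD,
    [AUTH_USER_PASSWORD] = CRED_USERNAME | CRED_PASSWORD,
    [AUTH_X509_PASSWORD] = CRED_X509 | CRED_PASSWORD,
};

struct auth_policy {
    unsigned available; /* credentials the app is able to supply */
    unsigned minimum;   /* credentials an accepted method must require */
};

/* The two policies quoted in the mail. */
static const struct auth_policy policy_password_only =
    { CRED_PASSWORD, CRED_PASSWORD };
static const struct auth_policy policy_password_and_cert =
    { CRED_PASSWORD | CRED_X509, CRED_PASSWORD | CRED_X509 };

/* Constructed server offer, in the server's order of preference. */
static const int sample_offer[] =
    { AUTH_OPEN, AUTH_PASSWORD, AUTH_X509_PASSWORD, AUTH_USER_PASSWORD };

/* First offered method that needs nothing the app lacks and at least `minimum`. */
int choose_auth(const int *offered, size_t n, const struct auth_policy *p)
{
    for (size_t i = 0; i < n; i++) {
        if (offered[i] < 0 || offered[i] >= AUTH_COUNT)
            continue;                       /* unknown to the widget: skip */
        unsigned req = auth_requires[offered[i]];
        if ((req & ~p->available) == 0 && (req & p->minimum) == p->minimum)
            return offered[i];
    }
    return AUTH_INVALID;                    /* nothing acceptable: fail early */
}

int main(void)
{
    printf("password only:   %d\n", choose_auth(sample_offer, 4, &policy_password_only));
    printf("password + cert: %d\n", choose_auth(sample_offer, 4, &policy_password_and_cert));
    return 0;
}
```

Because the application only states credential bits, a new method can be added to the widget's table without any change to application logic, and a server that lists an unauthenticated method first cannot pull the client below the stated minimum.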