Re: [gtk-vnc-devel] auth patch



Daniel P. Berrange wrote:
IIRC, for RFB 3.8, the server presents a set of potential auth types, and then the user chooses the one he wants to use and sends it back to the server. I think any interface we have has to allow:

This is exactly what I was trying to describe below....

Oops, sorry :-)

1) Notify user that the server requires auth

Emit a signal

Agreed.

2) A mechanism for the user to enumerate the auth types supported by the server

A parameter to the signal

Pass a list of strings/ints? My only concern is that pygtk is very weird about what it can and can't marshal to signal handlers. As long as it works with pygtk, I have no problem passing a GSList.

3) A mechanism for the user to choose the auth type
4) A mechanism for the user to provide the required credentials for the auth type.

You could probably combine steps 3 & 4 by making setting the credentials implicitly choose the auth type.

No that won't work since there's several auth types which all
accept a password. And several auth types which don't have
explicitly specified credentials (eg, x509 keys are read off
disk out-of-band).

I think we probably want

  gvnc_set_credential_password(value)
  gvnc_set_credential_username(value)
  ....

I was thinking more along:

vnc_display_set_vnc_auth_credential(widget, password);
vnc_display_set_vencrypt_credential(widget, username, password);
...

Or a generic

   gvnc_set_credential(type, value)

And then the

   gvnc_auth(type)

If we're going generic, I'd prefer:

gvnc_set_credential(type, ...);

So that everything can be set in one swoop. I like the static type safety of the former approach though. There aren't many auth types at the moment and I don't expect there to be that many either.

Although TLS is rather crazy IIRC with respect to the sort of mechanisms it can encapsulate. Does vencrypt support arbitrary credentials depending on the negotiated auth type or does it only do x509 based authentication?

Regards,

Anthony Liguori

which would validate the required credentials for 'type' had been
set, and then continue the auth process as described below...
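
Added example, not part of the original message or of gtk-vnc's code: a sketch of the flow discussed above, parsing the RFB 3.8 security-types list and refusing to continue unless the chosen type was offered by the server and its credentials have been set. The names rfb38_parse_sec_types, creds_ready, auth_select and struct creds are hypothetical, and the per-type credential requirements are an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { RFB_SEC_NONE = 1, RFB_SEC_VNC_AUTH = 2 };   /* RFB security types */

/* Hypothetical credential store the application fills from its signal handler. */
struct creds { const char *username; const char *password; };

/* RFB 3.8 security-types message: U8 count, then `count` U8 type codes.
 * Returns the number of types copied to out, 0 if the server sent count == 0
 * (connection refused, a reason string follows), -1 on truncated input. */
int rfb38_parse_sec_types(const uint8_t *buf, size_t len, uint8_t *out, size_t cap)
{
    if (len < 1) return -1;
    size_t n = buf[0];
    if (n == 0) return 0;
    if (len < 1 + n || n > cap) return -1;
    memcpy(out, buf + 1, n);
    return (int)n;
}

/* 1 = credentials complete, 0 = something missing, -1 = type not handled here.
 * Assumption of this sketch: None needs nothing, VNC auth needs a password. */
int creds_ready(uint8_t type, const struct creds *c)
{
    switch (type) {
    case RFB_SEC_NONE:     return 1;
    case RFB_SEC_VNC_AUTH: return c->password != NULL;
    default:               return -1;
    }
}

/* Returns the type byte to send back to the server, or -1 to stop. */
int auth_select(uint8_t type, const uint8_t *offered, int n, const struct creds *c)
{
    int i, found = 0;
    for (i = 0; i < n; i++) found |= (offered[i] == type);
    if (!found) return -1;                  /* only choose what the server listed */
    return creds_ready(type, c) == 1 ? type : -1;
}

int main(void)
{
    const uint8_t msg[] = { 2, RFB_SEC_NONE, RFB_SEC_VNC_AUTH };  /* constructed sample */
    uint8_t types[255];
    struct creds c = { NULL, NULL };        /* no password set yet */
    int n = rfb38_parse_sec_types(msg, sizeof msg, types, sizeof types);
    return auth_select(RFB_SEC_VNC_AUTH, types, n, &c) == -1 ? 0 : 1;
}
```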




