enable "auth_schemes" "vencrypt" to enable cert based auth between novncproxy and qemu

Bug #2043709 reported by Sven Kieske
This bug affects 3 people
Affects: kolla-ansible
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Config reference:

https://docs.openstack.org/nova/latest/configuration/config.html#vnc.auth_schemes

To prevent direct access to the qemu-console, cert-based auth should be used.

Todo: find out which certs to use for this; maybe something already present can be reused here.

[vnc]vencrypt_client_key, [vnc]vencrypt_client_cert: must also be set

A user reported this as a possible (security) bug via IRC.

Currently it is possible to connect to any VNC session with any VNC client by just pointing the client at the port/IP combination.

Depending on your point of view, this might be viewed as a security bug, but as the information is already publicly available both in code and in the IRC chat logs, I choose not to open a private bug for this.

Changed in kolla-ansible:
status: New → Confirmed
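
Added example (not part of the bug report or of kolla-ansible): a small audit of the `[vnc]` section of a nova.conf for the settings the report names. The config fragments and file paths are constructed placeholders, `audit_vnc_section` is a hypothetical helper name, and `vencrypt_ca_certs` is a further `[vnc]` option from the nova configuration reference that the report does not mention.

```python
import configparser

# Constructed nova.conf fragments for the proxy side; all paths are placeholders.
WEAK_CONF = """
[vnc]
enabled = true
"""

MIXED_CONF = """
[vnc]
auth_schemes = vencrypt,none
vencrypt_client_key = /etc/nova/certs/vnc-client-key.pem
"""

HARDENED_CONF = """
[vnc]
auth_schemes = vencrypt
vencrypt_client_key = /etc/nova/certs/vnc-client-key.pem
vencrypt_client_cert = /etc/nova/certs/vnc-client-cert.pem
vencrypt_ca_certs = /etc/nova/certs/vnc-ca.pem
"""

def audit_vnc_section(conf_text):
    """Return a list of findings for the [vnc] section of a nova.conf string."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    vnc = parser["vnc"] if parser.has_section("vnc") else {}
    # nova defaults auth_schemes to "none" when the option is absent.
    raw = vnc.get("auth_schemes", "none")
    schemes = [s.strip().lower() for s in raw.split(",") if s.strip()]
    findings = []
    if "vencrypt" not in schemes:
        findings.append("auth_schemes does not include vencrypt")
    if "none" in schemes:
        findings.append("auth_schemes still permits none")
    if "vencrypt" in schemes:
        # Key and cert are named in the report; the CA bundle is an added check.
        for opt in ("vencrypt_client_key", "vencrypt_client_cert", "vencrypt_ca_certs"):
            if not vnc.get(opt, "").strip():
                findings.append(f"{opt} is not set")
    return findings

if __name__ == "__main__":
    for name, text in [("weak", WEAK_CONF), ("mixed", MIXED_CONF), ("hardened", HARDENED_CONF)]:
        print(name, audit_vnc_section(text) or "ok")
```

This checks only the proxy's nova.conf; whether the VNC server on the compute host actually requires VeNCrypt is configured separately and is not verified here.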