Enable password support for vnc session

Bug #1450294 reported by Hua Zhang on 2015-04-30
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Wishlist
Unassigned

Bug Description

qemu supports that password based authentication is used for client connections by adding password option for -vnc as below [1].
-vnc 0.0.0.0:1,password -k en-us
qemu xml configuration file provides a VNC password in clear text.
<graphics type='vnc' port='-1' autoport='yes' listen='192.168.1.5' passwd='YOUR-PASSWORD-HERE' keymap='en-us'/>

but openstack doesn't support to configure vpn password, see the following codes:
if ((CONF.vnc_enabled and
virt_type not in ('lxc', 'uml'))):
graphics = vconfig.LibvirtConfigGuestGraphics()
graphics.type = "vnc"
graphics.keymap = CONF.vnc_keymap
graphics.listen = CONF.vncserver_listen
guest.add_device(graphics)
add_video_driver = True

[1], http://www.cyberciti.biz/faq/linux-kvm-vnc-for-guest-machine/

Eric Brown (ericwb) on 2015-05-01
Changed in nova:
importance: Undecided → Wishlist
tags: added: libvirt low-hanging-fruit
Changed in nova:
status: New → Confirmed
ugvddm (271025598-9) on 2015-05-10
Changed in nova:
assignee: nobody → ugvddm (271025598-9)
Hua Zhang (zhhuabj) wrote :

Hi ugvddm,
     Are you working on this issue now ? if not, I have prepared a patch, can I take this issue to go on ? many thanks.

best regards,
joshua

Fix proposed to branch: master
Review: https://review.openstack.org/203064

Changed in nova:
assignee: ugvddm (271025598-9) → Hua Zhang (zhhuabj)
status: Confirmed → In Progress
Daniel Berrange (berrange) wrote :

The VNC password offers no meaningful level of security - it is just a false sense of safety. We have a spec for a strong authentiction & encryption mechanism to protect nova-vncproxy <-> nova-compute channel based on TLS that is preferrable https://review.openstack.org/#/q/status:abandoned+project:openstack/nova+branch:master+topic:bp/websocket-proxy-to-host-security,n,z

Change abandoned by Michael Still (<email address hidden>) on branch: master
Review: https://review.openstack.org/203064
Reason: This patch has been stalled for quite a while, so I am going to abandon it to keep the code review queue sane. Please restore the change when it is ready for review.

Changed in nova:
assignee: Hua Zhang (zhhuabj) → nobody
status: In Progress → Confirmed

This wishlist bug has been open a year without any activity. I'm going to move it to "Opinion / Wishlist", which is an easily-obtainable queue of older requests that have come on.

tags: removed: low-hanging-fruit
Changed in nova:
status: Confirmed → Opinion
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers