OpenStack Compute (nova)

Enable password support for vnc session

Bug #1450294 reported by Hua Zhang
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Opinion
Wishlist
Unassigned

Bug Description

qemu supports that password based authentication is used for client connections by adding password option for -vnc as below [1].
-vnc 0.0.0.0:1,password -k en-us
qemu xml configuration file provides a VNC password in clear text.
<graphics type='vnc' port='-1' autoport='yes' listen='192.168.1.5' passwd='YOUR-PASSWORD-HERE' keymap='en-us'/>

but openstack doesn't support to configure vpn password, see the following codes:
if ((CONF.vnc_enabled and
virt_type not in ('lxc', 'uml'))):
graphics = vconfig.LibvirtConfigGuestGraphics()
graphics.type = "vnc"
graphics.keymap = CONF.vnc_keymap
graphics.listen = CONF.vncserver_listen
guest.add_device(graphics)
add_video_driver = True

[1], http://www.cyberciti.biz/faq/linux-kvm-vnc-for-guest-machine/

Tags: libvirt
Eric Brown (ericwb)
Changed in nova:
importance: Undecided → Wishlist
Sylvain Bauza (sylvain-bauza)
tags: added: libvirt low-hanging-fruit
Changed in nova:
status: New → Confirmed
ugvddm (271025598-9)
Changed in nova:
assignee: nobody → ugvddm (271025598-9)
Revision history for this message
Hua Zhang (zhhuabj) wrote :

Hi ugvddm,
     Are you working on this issue now ? if not, I have prepared a patch, can I take this issue to go on ? many thanks.

best regards,
joshua

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/203064

Changed in nova:
assignee: ugvddm (271025598-9) → Hua Zhang (zhhuabj)
status: Confirmed → In Progress
Revision history for this message
Daniel Berrange (berrange) wrote :

The VNC password offers no meaningful level of security - it is just a false sense of safety. We have a spec for a strong authentiction & encryption mechanism to protect nova-vncproxy <-> nova-compute channel based on TLS that is preferrable https://review.openstack.org/#/q/status:abandoned+project:openstack/nova+branch:master+topic:bp/websocket-proxy-to-host-security,n,z

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Michael Still (<email address hidden>) on branch: master
Review: https://review.openstack.org/203064
Reason: This patch has been stalled for quite a while, so I am going to abandon it to keep the code review queue sane. Please restore the change when it is ready for review.

Davanum Srinivas (DIMS) (dims-v)
Changed in nova:
assignee: Hua Zhang (zhhuabj) → nobody
status: In Progress → Confirmed
Revision history for this message
Markus Zoeller (markus_z) (mzoeller) wrote :

This wishlist bug has been open a year without any activity. I'm going to move it to "Opinion / Wishlist", which is an easily-obtainable queue of older requests that have come on.

tags: removed: low-hanging-fruit
Changed in nova:
status: Confirmed → Opinion
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.