[pve-devel] pve-spice 0.12 package + report

Michael Rasmussen mir at datanom.net
Mon Oct 1 17:45:56 CEST 2012


On Mon, 1 Oct 2012 15:40:33 +0000
Dietmar Maurer <dietmar at proxmox.com> wrote:

> > for pve-auth ?
> > spicec client only send the password without login, I don't see how we can do
> > this without hacking the client...
> 
> So how is that expected to work? Authentication needs a user name, else it does not make much sense?
"In addition to encryption, the SPICE protocol allows for a choice of
authentication schemes. The original SPICE protocol defined a ticket
based authentication scheme using a shared secret. The server would
generate an RSA public/private keypair and send its public key to the
client. The client would encrypt the ticket (password) with the public
key and send the result back to the server, which would decrypt and
verify the ticket. The current SPICE protocol also allows for use of
the SASL authentication protocol, thus enabling support for a wide
range of admin configurable authentication mechanisms, in particular
Kerberos"
http://en.wikipedia.org/wiki/SPICE_(protocol)

-- 
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20121001/a6a32b5d/attachment.sig>


More information about the pve-devel mailing list