[pve-devel] [PATCH] spiceproxy : allow only spice port range

Alexandre DERUMIER aderumier at odiso.com
Tue Jul 23 09:22:23 CEST 2013


>>I just committed a patch for pve-qemu-kvm to return the last ticktet 
>>with qmp query-spice. 

>>What do you think? Can you try to use that for your patches? 

Great ! Thanks ! 
I'll try that today.


(BTW, the ca=... fix has been commited to spice-gtk git)

----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mardi 23 Juillet 2013 09:04:47 
Objet: RE: [pve-devel] [PATCH] spiceproxy : allow only spice port range 

> > About password, I wonder if we could not retrieve the current ticket 
> > from spice server, and copy it to the target vm. 
> > 
> > Libvirt seem to simply store the current password in the vm config xml 
> > :/ 
> > 
> > <graphics type='spice' port='5900' autoport='no' passwd='secret' 
> > passwdValidTo='2013-05-31T16:11:22' connected='disconnect'/> 
> > 
> 
> IMHO storing secrets is a bad thing. We want to increase security by using a 
> short expiration time. 

I just committed a patch for pve-qemu-kvm to return the last ticktet 
with qmp query-spice. 

What do you think? Can you try to use that for your patches? 


More information about the pve-devel mailing list