On Thu, Oct 07, 2010 at 02:53:05PM -0500, Anthony Liguori wrote: > On 10/07/2010 06:15 AM, Gerd Hoffmann wrote: > >This patch adds support for expiring passwords to vnc. It adds a new > >lifetime parameter to the vnc_display_password() function, which > >specifies the number of seconds the new password will be valid. Passing > >zero as lifetime maintains current behavior (password never expires). > > > >Signed-off-by: Gerd Hoffmann<kra...@redhat.com> > > > > This has been posted before and I've never understood it. Why can't a > management tool just expire passwords on it's own?
If the management tool crashes or is restarted for some reason then it may miss the expiry task. > How does password expiration help with security at all? VNC passwords are obviously rather weak, so if you can limit the time the password is valid to the window in which you are expecting the incoming VNC connection this limits the time to attack the VNC password. A mgmt tool could do - Set a VNC password - Open the VNC connection - Clear the VNC password If anything goes wrong in the mgmt tool at step 2 though, then it may never to step 3, leaving the VNC server accessible. If it had set a password expiry at step 1, it would have a safety net that guarentees the password will be invalid after 'n' seconds, even if not explicitly cleared. Given how little code this is in QEMU, I think it is a worthwhile feature. Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|