[Spice-devel] [PATCH] protocol: RFC: add common channel caps for AUTH mechanism selection

Hans de Goede hdegoede at redhat.com
Sun Feb 13 07:30:28 PST 2011


Hi,

On 02/13/2011 04:10 PM, Marc-André Lureau wrote:
> ----- Original Message -----
>> In general I like, I do have a few remarks though.
>>
>> I would like to state in the spec, and see in this example, that
>> SPICE_CHANNEL_CAP_AUTH_SPICE must always be supported, and thus set
>> in the capabilities field. This way we ensure that their will always
>> be
>> one auth method both sides support.
>>
>
> How would you enforce usage of SASL then? In fact, the way I implemented it, if you select SASL (from qemu command line), Spice AUTH is then disabled.
>

Good point, so the example can stay as is. But the spec should contain
a blurb that any Spice server / client implementation should support
SPICE_CHANNEL_CAP_AUTH_SPICE, and that this can then optionally be disabled
through some runtime configuration mechanism. The purpose here being to
establish some baseline for interoperability, with say a web browser
java applet spice client (remember the discussion about this at fosdem).

I agree both sides should be able to deny using this baseline auth
mechanism, for administrative reasons. But I would like to make it
clear that it should be included in all implementations.

Does that make sense?

Regards,

Hans


More information about the Spice-devel mailing list