[Spice-devel] [PATCH] protocol: RFC: add common channel caps for AUTH mechanism selection
Marc-André Lureau
marcandre.lureau at gmail.com
Sun Feb 13 07:29:15 PST 2011
On Sun, Feb 13, 2011 at 4:30 PM, Hans de Goede <hdegoede at redhat.com> wrote:
> Hi,
>
> On 02/13/2011 04:10 PM, Marc-André Lureau wrote:
>>
>> ----- Original Message -----
>>>
>>> In general I like, I do have a few remarks though.
>>>
>>> I would like to state in the spec, and see in this example, that
>>> SPICE_CHANNEL_CAP_AUTH_SPICE must always be supported, and thus set
>>> in the capabilities field. This way we ensure that their will always
>>> be
>>> one auth method both sides support.
>>>
>>
>> How would you enforce usage of SASL then? In fact, the way I implemented
>> it, if you select SASL (from qemu command line), Spice AUTH is then
>> disabled.
>>
>
> Good point, so the example can stay as is. But the spec should contain
> a blurb that any Spice server / client implementation should support
> SPICE_CHANNEL_CAP_AUTH_SPICE, and that this can then optionally be disabled
> through some runtime configuration mechanism. The purpose here being to
> establish some baseline for interoperability, with say a web browser
> java applet spice client (remember the discussion about this at fosdem).
>
> I agree both sides should be able to deny using this baseline auth
> mechanism, for administrative reasons. But I would like to make it
> clear that it should be included in all implementations.
>
> Does that make sense?
Yes, I'll update the commit comment. Anyway, I will have to update the
protocol document later (where is it, btw?). So that this comment
doesn't serve as a reference hopefully.
--
Marc-André Lureau
More information about the Spice-devel
mailing list