[Spice-devel] [PATCH] protocol: RFC: add common channel caps for AUTH mechanism selection

[Alon Levy]

On Sun, Feb 13, 2011 at 04:29:15PM +0100, Marc-André Lureau wrote:
> On Sun, Feb 13, 2011 at 4:30 PM, Hans de Goede <hdegoede at redhat.com> wrote:
> > Hi,
> >
> > On 02/13/2011 04:10 PM, Marc-André Lureau wrote:
> >>
> >> ----- Original Message -----
> >>>
> >>> In general I like, I do have a few remarks though.
> >>>
> >>> I would like to state in the spec, and see in this example, that
> >>> SPICE_CHANNEL_CAP_AUTH_SPICE must always be supported, and thus set
> >>> in the capabilities field. This way we ensure that their will always
> >>> be
> >>> one auth method both sides support.
> >>>
> >>
> >> How would you enforce usage of SASL then? In fact, the way I implemented
> >> it, if you select SASL (from qemu command line), Spice AUTH is then
> >> disabled.
> >>
> >
> > Good point, so the example can stay as is. But the spec should contain
> > a blurb that any Spice server / client implementation should support
> > SPICE_CHANNEL_CAP_AUTH_SPICE, and that this can then optionally be disabled
> > through some runtime configuration mechanism. The purpose here being to
> > establish some baseline for interoperability, with say a web browser
> > java applet spice client (remember the discussion about this at fosdem).
> >
> > I agree both sides should be able to deny using this baseline auth
> > mechanism, for administrative reasons. But I would like to make it
> > clear that it should be included in all implementations.
> >
> > Does that make sense?
> 
> Yes, I'll update the commit comment. Anyway, I will have to update the
> protocol document later (where is it, btw?). So that this comment
> doesn't serve as a reference hopefully.

It's attached here: http://spice-space.org/page/Repositories (look at the bottom)

> 
> -- 
> Marc-André Lureau
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel