<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/30/2014 03:20 PM, Aline Manera
wrote:<br>
</div>
<blockquote cite="mid:53613F05.2070803@linux.vnet.ibm.com"
type="cite">Applied. Thanks.
<br>
<br>
Regards,
<br>
<br>
Aline Manera
<br>
<br>
_______________________________________________
<br>
Kimchi-devel mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
<br>
<br>
</blockquote>
<br>
<font face="DejaVu Sans Mono">After applying this patch and make
more tests I noticed we need to improve it.<br>
In this way we are exposing all the noVNC files and let websockify
web server render the noVNC page.<br>
The </font><font face="DejaVu Sans Mono"><font face="DejaVu Sans
Mono">websockify web server</font> is limited - as far as I know
it only exposes and renders content in a directory.<br>
So if someone has the URL
<a class="moz-txt-link-freetext" href="https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encrypt=1">https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encrypt=1</a>
he/she can access <br>
the VM console without Kimchi authentication.<br>
<br>
My idea is very similar to what is being doing today BUT instead
of exposing all the noVNC files, we expose just one vnc.html<br>
That html will redirect the user to Kimchi vnc.html (so Kimchi
will be responsible to render noVNC page) and we can add <br>
authentication to it<br>
<br>
The big picture will be:<br>
<br>
JS connectToVNC() will redirect to <a class="moz-txt-link-freetext" href="https://host-ip:64667/">https://host-ip:64667/</a></font><font
face="DejaVu Sans Mono">vnc.html?port=64667&path=?token=my-vm&encrypt=1<br>
<br>
</font><font face="DejaVu Sans Mono"><a class="moz-txt-link-freetext" href="https://host-ip:64667/">https://host-ip:64667/</a></font><font
face="DejaVu Sans Mono">vnc.html will redirect to </font><font
face="DejaVu Sans Mono"><a class="moz-txt-link-freetext" href="https://host-ip:8001/">https://host-ip:8001/</a></font><font
face="DejaVu Sans Mono">vnc.html after loading the page.<br>
<br>
So if the user haven't accepted the CA yet he/she will be able to
do it beforing being redirected to Kimchi page.<br>
<br>
I am working in a patch to do what I described above and also add
Kimchi authentication to vnc.html and spice.html<br>
</font>
</body>
</html>