[Kimchi-devel] [PATCH 0/4] ticket support for guest

Yu Xin Huo huoyuxin at linux.vnet.ibm.com
Mon May 26 08:00:40 UTC 2014


On 5/26/2014 3:09 PM, Zhou Zheng Sheng wrote:
> 于 2014年05月26日 15:01, Hongliang Wang 写道:
>> On 05/26/2014 02:38 PM, Hongliang Wang wrote:
>>> On 05/26/2014 02:27 PM, Zhou Zheng Sheng wrote:
>>>> on 2014/05/26 13:32, Yu Xin Huo wrote:
>>>>> I strongly dislike the way to change password frequently.
>>>>>
>>>>> Password is designed for user to recognize himself for authentication.
>>>>> Frequently changing password make password itself meaningless to user.
>>>>>
>>>>> As it is VNC password, this will almost make vnc unaccessible to user.
>>>>> Personally, I dislike to use browser to console the VM at all.
>>>>>
>>>>> I suspect whether there is *a justification reasonable enough* to take
>>>>> the way that "changing password".
>>>>>
>>>>> So please exactly clarify what *threat* this "change password" strategy
>>>>> is protecting against?
>>>>>
>>>> Some back-end background.
>>>>
>>>> The problem is that noVNC and HTML5 Spice traffic is carried on
>>>> websocket outside of Kimchi server. It operates as following.
>>>>
>>>> noVNC --websocket--> websockify --tcp-> VNC server of the hypervisor.
>>>>
>>>> Since Kimchi is out of this route, we don't have means to authenticate
>>>> user. The user can copy the noVNC page URL to another machine without
>>>> loggin to Kimchi, and he can still access VNC.
>>> For this part, I'd prefer access VNC through any VNC viewer after I
>>> created a VM, instead of only access it through Kimchi.
>> I checked Virt Manager just now and it works the similar as your design
>> for Kimchi. So is it possible if I want to access Kimchi VM through VNC
>> clients (e.g., my browser is relatively too old to use noVNC) ? In this
>> case, I think a possible solution is:
>> 1. Create a VM with bridged network that I can access it from other
>> machines
>> 2. Install VNC server in it
>> 3. Configuration the VNC server
>> 4. Access it through VNC clients
>>
>> Does it make sense? So it will be a complete solution.
> Feasible. A small problem is that it uses guest network. If the user
> wrongly configures the guest network, he/she would lose remote video
> connection. Before installing guest OS and VNC, there is no remote video.
>
Kimchi support 3 types of network, user will base on their real needs to 
configure VM's network. Not wrongly configured.
For all these 3 types of network, the VM need VNC access.





More information about the Kimchi-devel mailing list