• P
    vnc: disable VNC password authentication (security type 2) when in FIPS mode · 0f66998f
    Paul Moore 提交于
    FIPS 140-2 requires disabling certain ciphers, including DES, which is used
    by VNC to obscure passwords when they are sent over the network.  The
    solution for FIPS users is to disable the use of VNC password auth when the
    host system is operating in FIPS compliance mode and the user has specified
    '-enable-fips' on the QEMU command line.
    
    This patch causes QEMU to emit a message to stderr when the host system is
    running in FIPS mode and a VNC password was specified on the commend line.
    If the system is not running in FIPS mode, or is running in FIPS mode but
    VNC password authentication was not requested, QEMU operates normally.
    Signed-off-by: NPaul Moore <pmoore@redhat.com>
    Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
    0f66998f
qemu-doc.texi 79.5 KB