Revision 48b3ed0a
b/qemu-config.c | ||
---|---|---|
388 | 388 |
.name = "disable-copy-paste", |
389 | 389 |
.type = QEMU_OPT_BOOL, |
390 | 390 |
},{ |
391 |
.name = "sasl", |
|
392 |
.type = QEMU_OPT_BOOL, |
|
393 |
},{ |
|
391 | 394 |
.name = "x509-dir", |
392 | 395 |
.type = QEMU_OPT_STRING, |
393 | 396 |
},{ |
b/qemu-options.hx | ||
---|---|---|
714 | 714 |
@item password=<secret> |
715 | 715 |
Set the password you need to authenticate. |
716 | 716 |
|
717 |
@item sasl |
|
718 |
Require that the client use SASL to authenticate with the spice. |
|
719 |
The exact choice of authentication method used is controlled from the |
|
720 |
system / user's SASL configuration file for the 'qemu' service. This |
|
721 |
is typically found in /etc/sasl2/qemu.conf. If running QEMU as an |
|
722 |
unprivileged user, an environment variable SASL_CONF_PATH can be used |
|
723 |
to make it search alternate locations for the service config. |
|
724 |
While some SASL auth methods can also provide data encryption (eg GSSAPI), |
|
725 |
it is recommended that SASL always be combined with the 'tls' and |
|
726 |
'x509' settings to enable use of SSL and server certificates. This |
|
727 |
ensures a data encryption preventing compromise of authentication |
|
728 |
credentials. |
|
729 |
|
|
717 | 730 |
@item disable-ticketing |
718 | 731 |
Allow client connects without authentication. |
719 | 732 |
|
b/ui/spice-core.c | ||
---|---|---|
549 | 549 |
if (password) { |
550 | 550 |
spice_server_set_ticket(spice_server, password, 0, 0, 0); |
551 | 551 |
} |
552 |
if (qemu_opt_get_bool(opts, "sasl", 0)) { |
|
553 |
#if SPICE_SERVER_VERSION >= 0x000900 /* 0.9.0 */ |
|
554 |
if (spice_server_set_sasl_appname(spice_server, "qemu") == -1 || |
|
555 |
spice_server_set_sasl(spice_server, 1) == -1) { |
|
556 |
fprintf(stderr, "spice: failed to enable sasl\n"); |
|
557 |
exit(1); |
|
558 |
} |
|
559 |
#else |
|
560 |
fprintf(stderr, "spice: sasl is not available (spice >= 0.9 required)\n"); |
|
561 |
exit(1); |
|
562 |
#endif |
|
563 |
} |
|
552 | 564 |
if (qemu_opt_get_bool(opts, "disable-ticketing", 0)) { |
553 | 565 |
auth = "none"; |
554 | 566 |
spice_server_set_noauth(spice_server); |
Also available in: Unified diff