On Mon, Oct 02, 2006 at 09:10:51PM +0100, Daniel P. Berrange wrote:
Just a heads-up for anyone who uses the VNC service for accessing the
graphical framebuffer for fully-virt & para-virt guests. As of xen-3.0.2-43
I do of course actually mean 'xen-3.0.2-42'
* Sep 29 2006 Daniel P. Berrange <berrange(a)redhat.com> - 3.0.2-42
- Added vnclisten patches to make VNC only listen on localhost
out of the box, configurable by 'vnclisten' parameter (bz 203196)
in rawhide, the VNC server will default to only accepting connections
on
localhost (127.0.0.1). The reason for this change is that the VNC servers
do not currently[1] have any support for VNC password authentication, so
listening on 0.0.0.0 by default is rather a bad idea.
If you need to revert to old behaviour either set vnclisten="0.0.0.0" in
the guest domain's config, or to change it system wide, set the vnc-listen
parameter in /etc/xen/xend-config.sxp. I'd recommend though to just forward
the VNC port securely over SSH instead if feasible.
Regards,
Dan.
[1] Password support is under active development & will hopefully also
appear real soon now...
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules:
http://search.cpan.org/~danberr/ -=|
|=- Projects:
http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|