diff options
Diffstat (limited to 'tools/examples/xend-config.sxp')
-rw-r--r-- | tools/examples/xend-config.sxp | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp index 9dfd97471f..df1749f340 100644 --- a/tools/examples/xend-config.sxp +++ b/tools/examples/xend-config.sxp @@ -192,6 +192,36 @@ # Empty string is no authentication. (vncpasswd '') +# The VNC server can be told to negotiate a TLS session +# to encryption all traffic, and provide x509 cert to +# clients enalbing them to verify server identity. The +# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt +# all support the VNC extension for TLS used in QEMU. The +# TightVNC/RealVNC/UltraVNC clients do not. +# +# To enable this create x509 certificates / keys in the +# directory /etc/xen/vnc +# +# ca-cert.pem - The CA certificate +# server-cert.pem - The Server certificate signed by the CA +# server-key.pem - The server private key +# +# and then uncomment this next line +# (vnc-tls 1) + +# The certificate dir can be pointed elsewhere.. +# +# (vnc-x509-cert-dir /etc/xen/vnc) + +# The server can be told to request & validate an x509 +# certificate from the client. Only clients with a cert +# signed by the trusted CA will be able to connect. This +# is more secure the password auth alone. Passwd auth can +# used at the same time if desired. To enable client cert +# checking uncomment this: +# +# (vnc-x509-verify 1) + # The default keymap to use for the VM's virtual keyboard # when not specififed in VM's configuration #(keymap 'en-us') |