Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsupported security types: 19 #817

Closed
dswd opened this issue Oct 22, 2014 · 4 comments · Fixed by #977
Closed

Unsupported security types: 19 #817

dswd opened this issue Oct 22, 2014 · 4 comments · Fixed by #977
Milestone
3.6

Comments

@dswd
Copy link
Contributor

dswd commented Oct 22, 2014

On some hosts (e.g. 129.187.143.7) noVNC shows this error and fails.
@dswd dswd added this to the 3.5 milestone Oct 22, 2014
@dswd
Copy link
Contributor Author

dswd commented Oct 30, 2014

It seems that this only affects KVM in newer versions. KVM seems to change the authentication method from the default "vnc" to the unsupported "vencrypt+x509+plain" upon the first client connect.
There seems to be no way to circumvent this.

@dswd
Copy link
Contributor Author

dswd commented Oct 30, 2014

I am pretty sure this is something that proxmox manually patched into qemu: https://git.proxmox.com/?p=pve-qemu-kvm.git;a=blob;f=debian/patches/pve-auth.patch (ARGH!)

@dswd
Copy link
Contributor Author

dswd commented Oct 31, 2014

Ok, now we have the following choices:

  1. Use a patched version of qemu on Proxmox hosts that has a switch which restores the original behaviour. I do not like this as it means that we have to maintain and periodically recompile a third-party binary.
  2. Abandon Proxmox alltogether. Plans already exist to support general debian-based systems instead of just Proxmox. In this case this means that Proxmox will not be supported any more. This is most likely the cleanest solution but it requires to migrate all existing hosts away from Proxmox and also find a way to use LXC in the same way we use OpenVZ now.
  3. Find a javascript VNC client that implements VeNCrypt or add support to NoVNC. We have to investigate this solution some more to be able to estimate the required effort.

For now this problem is hidden by the fact that the new qemu binary that changes the functionality also has a major version change so that the hostmanager marks KVM as unsupported. #828 should help to detect upgrades.

@dswd dswd modified the milestones: 3.5, 3.6 Nov 17, 2014
@a-gerhard a-gerhard modified the milestones: 3.6, Component Architecture Dec 4, 2014
@dswd
Copy link
Contributor Author

dswd commented Jan 20, 2015

This looks like a temporary workaround: https://review.openstack.org/#/c/77266/

@a-gerhard a-gerhard modified the milestones: Component Architecture, 3.6 Jan 21, 2015
dswd pushed a commit that referenced this issue Jun 10, 2015
Fix VNC for newer QM versions
7b4794e 
Finally resolves #817
@dswd dswd mentioned this issue Jun 10, 2015
Merged
@dswd dswd closed this as completed in #977 Jun 17, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.6
Development

Successfully merging a pull request may close this issue.

Fix VNC for newer QM versions GLab/ToMaTo
2 participants
@dswd @a-gerhard