Reviewed: https://review.opendev.org/623120 Committed: https://git.openstack.org/cgit/openstack/nova-specs/commit/?id=33a13a1aabee9d89a88c3b7e3e18244b2bd6a0c1 Submitter: Zuul Branch: master commit 33a13a1aabee9d89a88c3b7e3e18244b2bd6a0c1 Author: pandatt <guojy8993 at 163.com> Date: Thu Dec 6 10:31:58 2018 +0800 Proposal for a safer remote console with password authentication The feature aims at providing a safer remote console with password authentication. End users can set console password for their instances. Any user trying to access the password-encrypted console of instance will get a locked window from web console prompting for ``password`` input, and this provides almost the same experience as using VNC clients (e.g vncviewer) to access vnc servers that require password authentication. Blueprint: nova-support-webvnc-with-password-anthentication Related-bug: #1447679 Change-Id: I8416ceb88b9e9e6498a81c678944bc5d96700fc3 -- You received this bug notification because you are a member of OpenStack Security SIG, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1447679 Title: service No-VNC (port 6080) doesn't require authentication Status in OpenStack Compute (nova): Confirmed Status in OpenStack Security Advisory: Won't Fix Bug description: Reported via private E-mail from Anass ANNOUR: I found that the service No-VNC (port 6080) doesn't require authentication, if you know the URL (ex: http://192.168.198.164:6080/vnc_auto.html?token=3640a3c8-ad10-45da-a523-18d3793ef8ec) you can access the machine from any other computer without any authentication before the token expires. (or in the same time as user still use the console) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1447679/+subscriptions