Features/TigerVNC1.1

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
(Created page with '= Feature Name TigerVNC 1.1 = == Summary == <!-- A sentence or two summarizing what this feature is and what it will do. This information is used for the overall feature summar...')
 
 
(6 intermediate revisions by 3 users not shown)
Line 2: Line 2:
  
 
== Summary ==
 
== Summary ==
<!-- A sentence or two summarizing what this feature is and what it will do. This information is used for the overall feature summary page for each release. -->
+
TigerVNC 1.1 will be next major release which contains bunch of new features, notably VeNCrypt support which allows VNC traffic to be encrypted via TLS (and to use X.509 certificates) and PAM integration.
  
 
== Owner ==
 
== Owner ==
<!--This should link to your home wiki page so we know who you are-->
+
* Name: [[User:atkac| Adam Tkac]]
* Name: [[User:FASAcountName| Your Name]]
+
  
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or  technical issues need to be resolved-->
+
* Email: atkac redhat com
* Email: <your email address so we can contact you, invite you to meetings, etc.>
+
  
 
== Current status ==
 
== Current status ==
* Targeted release: [[Releases/<number> | Fedora <number> ]]
+
* Targeted release: Fedora 16
* Last updated: (DATE)
+
* Last updated: 2011-Nov-10
* Percentage of completion: XX%
+
* Percentage of completion: 100%
 
+
<!-- CHANGE THE "FedoraVersion" TEMPLATES ABOVE TO PLAIN NUMBERS WHEN YOU COMPLETE YOUR PAGE. -->
+
  
 
== Detailed Description ==
 
== Detailed Description ==
<!-- Expand on the summary, if appropriate. A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
+
The main goal is to add encryption support to widely used VNC software - Xvnc server and vncviewer. Another goal is to add PAM support to Xvnc which allows fine-grained authentication configuration.
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new feature, what capabilities does it bring? Why will Fedora become a better distribution or project because of this feature?-->
+
Remote desktop will be finally used over insecure networks.
  
 
== Scope ==
 
== Scope ==
<!-- What work do the developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
+
TigerVNC upstream developers have to complete 1.1 release in time. There is currently (06/12/2012) a beta release.
  
 
== How To Test ==
 
== How To Test ==
<!-- This does not need to be a full-fledged document.  Describe the dimensions of tests that this feature is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.
+
1. Compatibility
 +
- run "vncserver :1" and try to connect with various clients (vncviewer, vinagre)
  
Remember that you are writing this how to for interested testers to use to check out your feature - documenting what you do for testing is OK, but it's much better to document what *I* can do to test your feature.
+
2. Encryption with anonymous certificates
 +
- run "vncserver :1"
 +
- start vncviewer, select "Options" and select "Session encryption" to "TLS with anonymous certificates"
 +
- try to connect to the server
  
A good "how to test" should answer these four questions:
+
3. Encryption with X.509 certificates
 +
- setup X.509 certificates for server and client (check http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html for more info, for example)
 +
- start vncserver with "-x509key <path> -x509cert <path>" parameters. The first one is key of the X.509 certificate in PEM format and the second one is the X.509 certificate
 +
- start vncviewer, select "Options" and select "Session encryption" to "TLS with X509 certificates" and load proper CA file.
  
0. What special hardware / data / etc. is needed (if any)?
+
4. PAM support
1. How do I prepare my system to test this feature? What packages
+
- will be updated
need to be installed, config files edited, etc.?
+
2. What specific actions do I perform to check that the feature is
+
working like it's supposed to?
+
3. What are the expected results of those actions?
+
-->
+
  
 
== User Experience ==
 
== User Experience ==
<!-- If this feature is noticeable by its target audience, how will their experiences change as a result?  Describe what they will see or notice. -->
+
Users can use VNC over insecure network without risks.
  
 
== Dependencies ==
 
== Dependencies ==
<!-- What other packages (RPMs) depend on this package?  Are there changes outside the developers' control on which completion of this feature depends?  In other words, completion of another feature owned by someone else and might cause you to not be able to finish on time or that you would need to coordinate?  Other upstream projects like the kernel (if this is not a kernel feature)? -->
+
none
  
 
== Contingency Plan ==
 
== Contingency Plan ==
<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "None necessary, revert to previous release behaviour."  Or it might not.  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
+
Compile TigerVNC without encryption support.
  
 
== Documentation ==
 
== Documentation ==
<!-- Is there upstream documentation on this feature, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
+
none
*
+
  
 
== Release Notes ==
 
== Release Notes ==
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ -->
+
TigerVNC now supports TLS encryption and Xvnc server is integrated with PAM. This allows users to use VNC over insecure networks and also allows fine-grained authentication configuration.
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this feature, indicate them here.  You can also link to upstream documentation if it satisfies this need.  This information forms the basis of the release notes edited by the documentation team and shipped with the release. -->
+
*
+
  
 
== Comments and Discussion ==
 
== Comments and Discussion ==
* See [[Talk:Features/YourFeatureName]] <!-- This adds a link to the "discussion" tab associated with your page.  This provides the ability to have ongoing comments or conversation without bogging down the main feature page -->
+
* See [[Talk:Features/TigerVNC1.1]]
  
  
[[Category:FeaturePageIncomplete]]
+
[[Category:FeatureAcceptedF16]]
 
<!-- When your feature page is completed and ready for review -->
 
<!-- When your feature page is completed and ready for review -->
 
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
 
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
 
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
 
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
 
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->
 
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->

Latest revision as of 14:35, 10 November 2011

Contents

[edit] Feature Name TigerVNC 1.1

[edit] Summary

TigerVNC 1.1 will be next major release which contains bunch of new features, notably VeNCrypt support which allows VNC traffic to be encrypted via TLS (and to use X.509 certificates) and PAM integration.

[edit] Owner

  • Email: atkac redhat com

[edit] Current status

  • Targeted release: Fedora 16
  • Last updated: 2011-Nov-10
  • Percentage of completion: 100%

[edit] Detailed Description

The main goal is to add encryption support to widely used VNC software - Xvnc server and vncviewer. Another goal is to add PAM support to Xvnc which allows fine-grained authentication configuration.

[edit] Benefit to Fedora

Remote desktop will be finally used over insecure networks.

[edit] Scope

TigerVNC upstream developers have to complete 1.1 release in time. There is currently (06/12/2012) a beta release.

[edit] How To Test

1. Compatibility - run "vncserver :1" and try to connect with various clients (vncviewer, vinagre)

2. Encryption with anonymous certificates - run "vncserver :1" - start vncviewer, select "Options" and select "Session encryption" to "TLS with anonymous certificates" - try to connect to the server

3. Encryption with X.509 certificates - setup X.509 certificates for server and client (check http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html for more info, for example) - start vncserver with "-x509key <path> -x509cert <path>" parameters. The first one is key of the X.509 certificate in PEM format and the second one is the X.509 certificate - start vncviewer, select "Options" and select "Session encryption" to "TLS with X509 certificates" and load proper CA file.

4. PAM support - will be updated

[edit] User Experience

Users can use VNC over insecure network without risks.

[edit] Dependencies

none

[edit] Contingency Plan

Compile TigerVNC without encryption support.

[edit] Documentation

none

[edit] Release Notes

TigerVNC now supports TLS encryption and Xvnc server is integrated with PAM. This allows users to use VNC over insecure networks and also allows fine-grained authentication configuration.

[edit] Comments and Discussion