diff options
Diffstat (limited to 'qemu-options.hx')
-rw-r--r-- | qemu-options.hx | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index 82e085a..d9edff7 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -714,9 +714,25 @@ Force using the specified IP version. @item password=<secret> Set the password you need to authenticate. +@item sasl +Require that the client use SASL to authenticate with the spice. +The exact choice of authentication method used is controlled from the +system / user's SASL configuration file for the 'qemu' service. This +is typically found in /etc/sasl2/qemu.conf. If running QEMU as an +unprivileged user, an environment variable SASL_CONF_PATH can be used +to make it search alternate locations for the service config. +While some SASL auth methods can also provide data encryption (eg GSSAPI), +it is recommended that SASL always be combined with the 'tls' and +'x509' settings to enable use of SSL and server certificates. This +ensures a data encryption preventing compromise of authentication +credentials. + @item disable-ticketing Allow client connects without authentication. +@item disable-copy-paste +Disable copy paste between the client and the guest. + @item tls-port=<nr> Set the TCP port spice is listening on for encrypted channels. |