# Enabling this option will reject any client who does not have a # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem #vnc_tls_x509_verify = 1 # The default VNC password. # It is possible to use x509 certificates for authentication too, by # issuing a x509 certificate to every client who needs to connect. This directory # must contain # ca-cert.pem - the CA master certificate # server-cert.pem - the server certificate signed with ca-cert.pem # server-key.pem - the server private key # This option allows the certificate directory to be changed #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # The default TLS configuration only uses certificates for the server # allowing the client to verify the server's identity and establish # an encrypted channel. The # default it to keep them in /etc/pki/libvirt-vnc. #vnc_tls = 1 # Use of TLS requires that x509 certificates be issued. UltraVNC, RealVNC, TightVNC do not support this # It is necessary to setup CA and issue a server certificate # before enabling this. # Examples include vinagre, virt-viewer, virt-manager and vencrypt # itself. This requires # a VNC client which supports the VeNCrypt protocol extension. #vnc_auto_unix_socket = 1 # Enable use of TLS encryption on the VNC server. This setting takes # preference over vnc_listen. # This will only be enabled for VNC configurations that have listen # type=address but without any address specified. This prevents unprivileged access from users on the # host machine, though most VNC clients do not support it.
ISO OS INSTALL INCLUDE CONFIGS VERIFICATION
# NB, strong recommendation to enable TLS + x509 certificate # verification when allowing public access #vnc_listen = "0.0.0.0" # Enable this option to have VNC served over an automatically created # unix socket. # To make it listen on all public interfaces, uncomment # this next option. # VNC is configured to listen on 127.0.0.1 by default. # All settings described here are optional - if omitted, sensible # defaults are used. Вывод # cat /etc/ libvirt/nf # Master configuration file for the QEMU driver.