Corne et al,
Thanks to all of you who responded. I'm currently using the method you describe on a SuSE 9.1 Pro box and it works well! What I'm trying to achieve is single sign on. That is, to pass credentials through to GDM/KDM/XDM in order to log straight in!
SuSE does have a similar scheme built in already. Check the SuSE docs on VNC. By head, they use port 5910 and/or 5911 instead of 5950 and upwards.
What I need to know more about is X authentication, and the interaction of Xvnc with the X server and how I might go about getting Xvnc to pass through credentials.
Xvnc IS an X-server. It does not have many optional features (count on none, to be surprised to find one) but it is a full X-server in that programs can display on it just like X.org or XFree86. For security it is the same. You can compare Xvnc to Xnest up to a point.
Since Xvnc has no display to show its contents, it has the rfb-protocol to show its contents on a vncviewer. This rfb protocol does not have any security that meets current secure standards, it is just a password to prevent accidental view.
CBee
Adam
Corni Beerse <[EMAIL PROTECTED]> 10/06/2004 7:28:37 pm >>>
Adam J. Bradley wrote:
Hi all,
I've been searching for an implementation of VNC which uses either PAM or Kerberos as its authentication method in order to provide single sign-on to Xvnc server sessions.
If it is for Xvnc, I'd remove the vnc-security and use the unix account by means of xdmcp. See http://www.sourcecodecorner.com/articles/vnc/linux.asp for some details.
This setup provides single-use vnc-sessions: only the one that connects can access, because the port that is actually used is changed by inetd (and the used Xvnc option). And once the connection between the viewer and the server is lost, the server is killed by inetd. Hence no stale vnc-sessions.
Is this facility available/possible/desirable? I'd be happy to kick off a project to get this going as I've been learning a lot about Kerberos and PAM in recent times!
If you start using kerberos, I think security is an issue. VNC is not made for security, you need to tunnel it through a vpn or through ssh or such to make it secure.
If it is for authenticating-ease (the same account everywhere), the inetd solution is suitable, it also adds ease of configuration for the users (none at all).
CBee
_______________________________________________
VNC-List mailing list [EMAIL PROTECTED]
To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
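
Added example, not part of the original thread and not code from any VNC project: the replies above note that RFB offers at most a password and that the inetd/XDMCP setup removes even that, so the session has to be tunnelled. This Python code parses the server side of an RFB handshake and reports which security types are offered; the byte strings are constructed samples and the function names are hypothetical.

```python
import struct

# Security-type codes from the RFB protocol specification.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}
ENCRYPTED = {18, 19}  # types that wrap the session in TLS


def parse_server_handshake(stream: bytes):
    """Return (version, offered type codes) from server-to-client bytes."""
    if len(stream) < 12 or stream[:4] != b"RFB " or stream[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(stream[4:7]), int(stream[8:11]))
    body = stream[12:]
    if version < (3, 7):
        # RFB 3.3: the server decides and sends a single U32 type.
        if len(body) < 4:
            raise ValueError("truncated security type")
        return version, [struct.unpack(">I", body[:4])[0]]
    # RFB 3.7/3.8: U8 count, then that many U8 type codes.
    if not body or len(body) < 1 + body[0]:
        raise ValueError("truncated security type list")
    return version, list(body[1:1 + body[0]])


def audit(stream: bytes) -> dict:
    version, types = parse_server_handshake(stream)
    # Anything not known to encrypt (unknown codes included) counts as exposed.
    exposed = [t for t in types if t not in ENCRYPTED]
    if not types or types == [0]:
        verdict = "server refused the connection"
    elif not exposed:
        verdict = "encrypted types only"
    elif 1 in exposed:
        verdict = "no RFB password: restrict access, tunnel over SSH/VPN"
    else:
        verdict = "unencrypted session: tunnel over SSH/VPN"
    names = [SECURITY_TYPES.get(t, f"type {t}") for t in types]
    return {"version": version, "offered": names, "verdict": verdict}


# Constructed samples, not captured from a real host.
SAMPLE_NO_AUTH = b"RFB 003.008\n" + bytes([1, 1])          # only "None"
SAMPLE_PASSWORD = b"RFB 003.003\n" + struct.pack(">I", 2)  # VNC Authentication
SAMPLE_VENCRYPT = b"RFB 003.008\n" + bytes([1, 19])

if __name__ == "__main__":
    for sample in (SAMPLE_NO_AUTH, SAMPLE_PASSWORD, SAMPLE_VENCRYPT):
        print(audit(sample))
```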