[X2go-dev] can't start ssh tunnel / integration with existing ldap
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Wed Jan 26 11:59:37 CET 2011
Hi there,
On Mi 26 Jan 2011 10:55:08 CET Martin Steigerwald wrote:
> I think it would make the issue go away, but we do not want to run (insecure)
> NFS without rootsquash. Then chmod 777 to ~/.x2go/ssh and probably (is it
> needed?) ~/.x2go as well IMHO is the less invasive approach.
You are talking about the x2goserver side, aren't you.
The x2goserver package is currently undergoing a complete rewrite due
to some security breaches reported a few days ago on this list.
As far as I know, Alex managed to get rid of all sudo calls in the
x2goserver package. (which is also a blessing for the auth.log which
got spammed with plenty of sudo log entries before).
The rewrite might solve your issues and it will be out for testing in
a couple of days (AFAIK).
However, on the todo list still (i.e. my personal todo list as
contributor) is taking a look at x2goprint which also uses sudo calls.
These do also fail on NFS volumes (esp. when mounted with one of
Kerberos's krb5<x> security mechanisms).
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110126/e8442f6c/attachment.pgp>
More information about the x2go-dev
mailing list