[X2go-dev] can't start ssh tunnel / integration with existing ldap

Martin Steigerwald ms at teamix.de
Wed Jan 26 12:41:15 CET 2011


Hi Mike,

Am Mittwoch, 26. Januar 2011 schrieb Mike Gabriel:
> On Mi 26 Jan 2011 10:55:08 CET Martin Steigerwald wrote:
> > I think it would make the issue go away, but we do not want to run
> > (insecure) NFS without rootsquash. Then chmod 777 to ~/.x2go/ssh and
> > probably (is it needed?) ~/.x2go as well IMHO is the less invasive
> > approach.
> 
> You are talking about the x2goserver side, aren't you.
> 
> The x2goserver package is currently undergoing a complete rewrite due
> to some security breaches reported a few days ago on this list.
> 
> As far as I know, Alex managed to get rid of all sudo calls in the
> x2goserver package. (which is also a blessing for the auth.log which
> got spammed with plenty of sudo log entries before).
> 
> The rewrite might solve your issues and it will be out for testing in
> a couple of days (AFAIK).
> 
> However, on the todo list still (i.e. my personal todo list as
> contributor) is taking a look at x2goprint which also uses sudo calls.
> These do also fail on NFS volumes (esp. when mounted with one of
> Kerberos's krb5<x> security mechanisms).

Good to read. Then I will just be looking forward to that new version and 
retest then. We do not need client side printing as we have a central CUPS 
server and network printers.

Thanks,
-- 
Martin Steigerwald - team(ix) GmbH - http://www.teamix.de
gpg: 19E3 8D42 896F D004 08AC A0CA 1E10 C593 0399 AE90
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110126/04828c0b/attachment.pgp>


More information about the x2go-dev mailing list