[X2go-dev] Looking for information on the future of x2go (and some other x2go-related stuff)
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Thu Mar 3 13:00:59 CET 2011
Hi Stefan,
On Do 03 Mär 2011 12:49:15 CET Stefan Baur wrote:
>> Generic would also be a statement: this functionality is not supported
>> for your OS.
> Which would be a NX/x2go-migration-blocker for those currently using
> the "store password" function of the NXclient.
OK, you are thinking in migration NX2X2go-terms... I see.
> Again, I don't mind if you're using ssh keyfiles instead of stored
> passwords (I could drop such a keyfile into the user's home
> directory and set it up in a way that it doesn't require a password).
> FWIW, you could offer to ship invisible dwarves that type the
> password on the user's keyboard and I wouldn't care. ;-)
> I just need *some* way to provide a one-click (or double-click,
> since we're talking Windows here) login.
SSH keyfiles are indeed possible to use with both clients.
However, neither with PyHoca-GUI nor with X2goClient-qt you have a key
generation mechanism at hand. However, this would be really a need
feature:
o The client generates a key pair
o at first login, the pubkey is pushed to the server (this needs a password)
o at further logins, the pubkey is used for Auth...
What do you think about something like this?
> Usability: The user is already authenticated on the Windows machine
> or the Windows Domain. No one else has access to the particular
> configuration file, as it is stored in the user's home directory
> (for this concept, it doesn't matter if it's a NX config file with a
> plaintext password, or a passwordless ssh secret key for x2go).
> There is absolutely no need to ask the user for a password again.
Single-Sign-On is always a neat thing to have...
> Security: While it would be possible to connect the NX or x2go
> server to the Windows Domain using PAM, keeping the two "worlds"
> seperate is a security benefit, since in the unlikely event that the
> Linux box gets hacked, the Windows Domain is not exposed to the
> attacker.
Ok, one possible approach.
Please let me known your opinion about the above approach (SSH key
generation). It should be rather easy to implement this into Python
X2go. If you are interested, I will add that to the PyHoca-GUI
enhancement wishlist.
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110303/eec4d2ad/attachment.pgp>
More information about the x2go-dev
mailing list