[X2Go-Dev] x2gobroker without auth
Anders Bruun Olsen
abo at dsl.dk
Fri Mar 1 12:54:43 CET 2013
2013/3/1 Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
> Please use
>> x2goclient --broker-noauth --broker-url=<URL>
>> For this to work, you have to set the check-credentials config option
>> x2gobroker.conf to false.
>
> I have checked this again and thought it through. As the broker needs to
> know the username on whose behalf to operate, you probably have to add the
> --auth-id cmdline switch:
>
> x2goclient --auth-id=<broker-user> --broker-noauth --broker-url=<URL>
>
> This is ok with X2Go Client installations on some local/private machines.
> On thin clients (with no local login) this does not work as the thin client
> is not aware of the person's username sitting in front of the TC.
>
It works for me with just "x2goclient --broker-noauth --broker-url=<URL>"
and check-credentials=false in x2gobroker.conf. I have tried with both
users who exist on both the broker and terminal server and users who only
exist on the terminal server.
I get the available sessions and can just choose one. What I can't get to
work though, is --session=<SESSIONNAME>. I have term-external and
term-internal setup as available sessions in the broker, and I can choose
term-internal and logon just fine. But I can't add --session and prechoose
the session. Is this a bug in x2goclient or am I just doing it wrong?
> Hmmm...
> The other option would be to automatize the SSH login once the user has
> authenticated against the broker. This feature is already implemented in
> X2Go Client but needs some extra work in the public X2Go Session Broker.
>
If that would mean that we could have just a single login dialog for both
authenticating against the broker and the terminal server, then that would
be great! Disabling authentication on the broker is suboptimal IMHO.
> Another issue, I have to address later: The current broker implementations
> in X2GoClient expects that the broker user ID is identical with the SSH
> user ID (i.e. the X2Go user ID) of the targetting servers. This is
> suboptimal, IMHO.
Yes, there might be setups where one would want different user IDs for
broker and terminal server. Although for our setup, I prefer them to be the
same, so our users don't have to remember more than one set of credentials.
So for us, it is low priority :)
--
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20130301/37e2670a/attachment.html>
More information about the x2go-dev
mailing list