[X2Go-Dev] x2gobroker without auth

Anders Bruun Olsen abo at dsl.dk
Fri Mar 1 12:54:43 CET 2013


2013/3/1 Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

> Please use
>>   x2goclient --broker-noauth --broker-url=<URL>
>> For this to work, you have to set the check-credentials config option
>>  x2gobroker.conf to false.
>
> I have checked this again and thought it through. As the broker needs to
> know the username on whose behalf to operate, you probably have to add the
> --auth-id cmdline switch:
>
>   x2goclient --auth-id=<broker-user> --broker-noauth --broker-url=<URL>
>
> This is ok with X2Go Client installations on some local/private machines.
> On thin clients (with no local login) this does not work as the thin client
> is not aware of the person's username sitting in front of the TC.
>

It works for me with just "x2goclient --broker-noauth --broker-url=<URL>"
and check-credentials=false in x2gobroker.conf. I have tried with both
users who exist on both the broker and terminal server and users who only
exist on the terminal server.

I get the available sessions and can just choose one. What I can't get to
work though, is --session=<SESSIONNAME>. I have term-external and
term-internal setup as available sessions in the broker, and I can choose
term-internal and logon just fine. But I can't add --session and prechoose
the session. Is this a bug in x2goclient or am I just doing it wrong?


> Hmmm...
> The other option would be to automatize the SSH login once the user has
> authenticated against the broker. This feature is already implemented in
> X2Go Client but needs some extra work in the public X2Go Session Broker.
>

If that would mean that we could have just a single login dialog for both
authenticating against the broker and the terminal server, then that would
be great! Disabling authentication on the broker is suboptimal IMHO.


> Another issue, I have to address later: The current broker implementations
> in X2GoClient expects that the broker user ID is identical with the SSH
> user ID (i.e. the X2Go user ID) of the targetting servers. This is
> suboptimal, IMHO.


Yes, there might be setups where one would want different user IDs for
broker and terminal server. Although for our setup, I prefer them to be the
same, so our users don't have to remember more than one set of credentials.
So for us, it is low priority :)

-- 
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20130301/37e2670a/attachment.html>


More information about the x2go-dev mailing list