[X2Go-Dev] Bug#1183: Bug#1183: Bug#1183: Pass broker creds to RDP client as plaintext

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Sat Jun 3 23:48:36 CEST 2017


HI Walid,

On  Do 01 Jun 2017 10:46:55 CEST, Walid MOGHRABI wrote:

> I'll take your requests into account but just to clarify :
>
>
>> 1. Please split up the RDP broker creds as session creds from the
>> --close-disconnect change.
>
> This little fix is related to this support since, in that particular  
> case which is broker mode + RDP session + --close-disconnect  
> activated, you couldn't have a one time authentication (at broker  
> auth).
> For that "one time auth" to work, I need a way to pass broker  
> credentials to the session and to close the client at the end of the  
> session in order to force a re-auth at broker login.
> Without the --close-disconnect fix, I can pass my credentials to the  
> RDP session but when finishing the session, I'm still on the broker  
> page with my session list and I don't re-auth which is what I wanted.
> I can easily split these patches since they are quite clearly  
> separated but I thought they were related to the same need that's  
> why I kept them together.

Please split off the change for --close-disconnect into a separate commit.

>> 2. Please let the cmdline option start with --broker-...
>>
>> --broker-use-creds-for-session
>
> ok
>
>> 3. Don't limit this functionality to RDP sessions only. It is
>> useful for all sorts of session
>> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
>> rumours about such a new feature)).
>
> Well, I'm not aware of XDMCP and have nothing under my hand to test it.
> This patch affect RDP sessions only in fact because X2Go sessions  
> have heir own way to pass credentials from broker to x2go server  
> with the intermediate key auth so using this method for this kind of  
> session is purely useless.
> On the other hand, RDP sessions have no such key authentication  
> available so it is necessary to pass credentials as plaintext to  
> xfreerdp/rdesktop because in the case of the broker mode only, when  
> clicking on the session profile, the client is waiting for the  
> credentials but you are not prompted for them so the client stay  
> stuck in an unusable situation.
> So really, this is a "broker + RDP only" method that's why I  
> precised this was for RDP only in order not to confuse users who  
> might think this could be used for any type of connection.
>
> I'll modify the cmdline option name and wait for your comments on my  
> precisions.
>

IMHO, the --broker-use-creds-for-session could be a nice and cheap  
alternative to setting up x2gobroker-agent based authentication. So,  
it would be nice to have it working for X2Go and RDP sessions.

Thanks,
Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20170603/34b2671d/attachment.sig>


More information about the x2go-dev mailing list