[X2Go-Dev] Bug#1183: Bug#1183: Bug#1183: Pass broker creds to RDP client as plaintext
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Sat Jun 3 23:48:36 CEST 2017
HI Walid,
On Do 01 Jun 2017 10:46:55 CEST, Walid MOGHRABI wrote:
> I'll take your requests into account but just to clarify :
>
>
>> 1. Please split up the RDP broker creds as session creds from the
>> --close-disconnect change.
>
> This little fix is related to this support since, in that particular
> case which is broker mode + RDP session + --close-disconnect
> activated, you couldn't have a one time authentication (at broker
> auth).
> For that "one time auth" to work, I need a way to pass broker
> credentials to the session and to close the client at the end of the
> session in order to force a re-auth at broker login.
> Without the --close-disconnect fix, I can pass my credentials to the
> RDP session but when finishing the session, I'm still on the broker
> page with my session list and I don't re-auth which is what I wanted.
> I can easily split these patches since they are quite clearly
> separated but I thought they were related to the same need that's
> why I kept them together.
Please split off the change for --close-disconnect into a separate commit.
>> 2. Please let the cmdline option start with --broker-...
>>
>> --broker-use-creds-for-session
>
> ok
>
>> 3. Don't limit this functionality to RDP sessions only. It is
>> useful for all sorts of session
>> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
>> rumours about such a new feature)).
>
> Well, I'm not aware of XDMCP and have nothing under my hand to test it.
> This patch affect RDP sessions only in fact because X2Go sessions
> have heir own way to pass credentials from broker to x2go server
> with the intermediate key auth so using this method for this kind of
> session is purely useless.
> On the other hand, RDP sessions have no such key authentication
> available so it is necessary to pass credentials as plaintext to
> xfreerdp/rdesktop because in the case of the broker mode only, when
> clicking on the session profile, the client is waiting for the
> credentials but you are not prompted for them so the client stay
> stuck in an unusable situation.
> So really, this is a "broker + RDP only" method that's why I
> precised this was for RDP only in order not to confuse users who
> might think this could be used for any type of connection.
>
> I'll modify the cmdline option name and wait for your comments on my
> precisions.
>
IMHO, the --broker-use-creds-for-session could be a nice and cheap
alternative to setting up x2gobroker-agent based authentication. So,
it would be nice to have it working for X2Go and RDP sessions.
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20170603/34b2671d/attachment.sig>
More information about the x2go-dev
mailing list