Sorry, the former mail had the wrong subject line...
Hi List,
I am thinking about setting up a public x2goplugin test site. This
test site needs some features.
o accessible from everywhere on the internet
o no access to the internet (local iptables, blocking outgoing connections)
o ssh key auto-login (username x2gotest)
o disposable homes
  - on login generate homedir-name (/home/x2gotest.<some-id>)
  - create /home/x2gotest.<some-id> from pre-configured skel (pam_mkhomedir)
  - on logout remove /home/x2gotest.<some-id>
o x2go session timeouts (5min)
o allow simultaneous sessions (limit number of simultaneous sessions)
o ... (anything forgotten)
If any of you can contribute to any of these aspects or add security
thoughts to the above list, please do so.
My questions:
o when is the best moment to rename the home dir to a session
  individual name?
o where can I hook into the logout x2go process to remove the
  deprecated home dir?
o does x2go support session timeouts natively?
o can x2go limit the number of allowed simultaneous sessions?
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
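The disposable-home lifecycle listed in the mail above (create /home/x2gotest.<some-id> from a skeleton at login, remove it at logout), as an added example that is not part of the original mail and not X2Go code. It uses Python's tempfile.mkdtemp for the create step instead of pam_mkhomedir; create_home, remove_home and the name pattern are hypothetical, and changing ownership to the session user and the login/logout hook itself are left out.

```python
import os
import re
import shutil
import tempfile

# Names this helper may create and delete: x2gotest.<random id> (hypothetical pattern).
HOME_NAME = re.compile(r"^x2gotest\.[A-Za-z0-9_]+$")


def create_home(base, skel):
    """Login step: make base/x2gotest.<id> with an unpredictable id, fill it from skel."""
    home = tempfile.mkdtemp(prefix="x2gotest.", dir=base)  # created atomically, mode 0700
    shutil.copytree(skel, home, symlinks=True, dirs_exist_ok=True)
    os.chmod(home, 0o700)  # copytree copies skel's mode onto home; restore 0700
    return home


def remove_home(base, home):
    """Logout step: delete home only if it is a real disposable home directly under base."""
    base = os.path.realpath(base)
    name = os.path.basename(os.path.normpath(home))
    path = os.path.join(base, name)
    if not HOME_NAME.match(name):
        raise ValueError(f"refusing {home!r}: not a disposable home name")
    if os.path.islink(path) or not os.path.isdir(path):
        raise ValueError(f"refusing {home!r}: not a real directory under {base}")
    if os.path.realpath(home) != path:
        raise ValueError(f"refusing {home!r}: resolves outside {base}")
    shutil.rmtree(path)


if __name__ == "__main__":
    # Constructed demo in scratch directories instead of /home and /etc/skel.
    base, skel = tempfile.mkdtemp(), tempfile.mkdtemp()
    with open(os.path.join(skel, ".profile"), "w") as fh:
        fh.write("# constructed skel file\n")
    home = create_home(base, skel)
    print("created", home, os.listdir(home))
    remove_home(base, home)
    print("removed:", not os.path.exists(home))
```

The three checks in remove_home matter because the removal step runs with more privilege than the test user: a symlink planted under the base directory, or a path that merely ends in a matching name, is rejected instead of followed.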
Here's my 2c on this...
Neatx got released and basically went nowhere. There haven't been any new features developed, just a few bug fixes and nothing recent. And to boot, it's slow.
Freenx has all but died. It has languished for a very long time.
So I don't see any reason to push anything toward those projects.
Gerry
Jun 30, 2010 02:58:59 PM, x2go-dev(a)lists.berlios.de wrote:
Hello x2go list,
I've added one of my not so important mail accounts to this list to share my opinion about nx based development in the future. I don't like mailing lists because they only collect spam (to add my opinion to an already discussed topic).
I've read some of the messages here and I've taken a look at this project. I really don't think it is a good idea to work on a non-compatible nx server. There are already enough free servers and clients in the world and we all should try to save an amount of compatibility to all projects.
There is also a plugin for mozilla (moznx) so you won't need to develop your own.
Although I like the idea of the file transport and print module of x2go (pulseaudio too is already possible with opennx).
If you would change to Python, I would help you to get things to work with neatx/freenx. Then you too would have no problem with the packaging, because everything you need is already done.
What do you think about at minimum getting those interesting features built up in external programs, so you can use them with all nx servers (or even vncs)?
eli
_______________________________________________
X2go-dev mailing list
X2go-dev(a)lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
Hello,
I am doing my first testing with an x2go-server. The first bigger problem is
related to an rdesktop connection.
I need to bypass a parameter to a Windows program.
I select in the X2go client -> Settings -> Windows Terminal Server and
put following in the "Erweiterte Einstellungen" (in german):
-d domain.com -n xyz -c \'\\\\Server\\Program\' -s
\'\\\\Server\\Program\\Program.exe R=xyz\'
The connection fails (it's about the ' ), but if I do a "ssh -X
user@x2go-server", i see the right command:
cat .x2go/C-user-94-1277905770_stRRDP_dp24/cmdoutput
exec rdesktop -g 1024x768 -d domain.com -n xyz -c '\\Server\Program' -s
'\\Server\Program\Program.exe R=xyz' 192.168.10.100
and a "chmod +x .x2go/C-user-94-1277905770_stRRDP_dp24/cmdoutput;
.x2go/C-user-94-1277905770_stRRDP_dp24/cmdoutput"
starts the program correctly.
It looks like x2go has a problem with the apostrophe.
Any help is welcome!
Best regards
Udo
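The quoting in the mail above, traced as an added example (not part of the original mail and not X2Go code). Python's shlex in POSIX mode stands in for one round of shell word-splitting, which is an assumption about the shell involved: the typed string becomes the cmdoutput text after one round and the intended rdesktop arguments after a second, while a further unquoted round destroys the UNC path. evaluate() and protect() are hypothetical helpers; protect() quotes an argument list for a known number of rounds.

```python
import shlex

# Text entered in the client's advanced-settings field (copied from the post).
TYPED = (r"-d domain.com -n xyz -c \'\\\\Server\\Program\' "
         r"-s \'\\\\Server\\Program\\Program.exe R=xyz\'")

# Arguments rdesktop has to receive, per the cmdoutput file shown in the post.
WANTED = ["-d", "domain.com", "-n", "xyz", "-c", r"\\Server\Program",
          "-s", r"\\Server\Program\Program.exe R=xyz"]


def evaluate(text, rounds):
    """Word-split text `rounds` times, re-joining the words unquoted between rounds."""
    words = shlex.split(text)
    for _ in range(rounds - 1):
        words = shlex.split(" ".join(words))
    return words


def protect(argv, rounds):
    """Quote every argument once per parsing round it has to survive."""
    words = list(argv)
    for _ in range(rounds):
        words = [shlex.quote(w) for w in words]
    return " ".join(words)


if __name__ == "__main__":
    for n in (1, 2, 3):
        # 1 round: quotes are still literal text; 2 rounds: correct argv;
        # 3 rounds: backslashes eaten and the -s argument split at the space.
        print(n, evaluate(TYPED, n))
    print(protect(WANTED, 2))
```

Hand-escaped strings like the one in the post are only correct for one specific number of parsing rounds, so any extra or missing shell layer between the settings field and rdesktop changes the arguments.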
Hi there,
after having played with x2goserver-one/sqlite for a while I am
testing x2goserver with LDAP/Postgres setup.
The Postgres setup was easy, thanks to the wiki (there are some
essential typos in the wiki page, I have registered with the wiki to
fix them).
But LDAP...
My very first impression is - and maybe I am wrong - that the
LDAP-Server setup is far too rigid (I will speak openly).
I use x2go over the internet, thus every connection I make has to be
encrypted and needs authentication.
1. LDAPS support
the x2goclient does not support LDAPS... Does it support StartTLS
somewhere hidden in its guts? Otherwise, LDAPS is definitely an item
for the x2go wishlist
2. LDAP Auth
the x2goclient does not support LDAP auth. At least simple_bind_s
should be possible... -> wishlist. When exactly does the x2goclient
access the LDAP db? I suppose before authentication to one of the
x2goservers. I wonder, if LDAP access was possible to also tunnel LDAP
access through ssh... (i.e. after session login).
3. Documentation of Internals
The LDAP scripts in the x2goldaptools package help to setup an LDAP
server from scratch. This is not what people might want if they
migrate a site. For site migration to x2go without help of your setup
scripts the internals of the LDAP communication/data storage methods
must be documented better (e.g. difference between server and host in
LDAP -> serial = 1, scratchscratch...).
4. Admin DN...
The migration/setup scripts require cn=ldapadmin,$BASE as admin
DN. This is too rigid! There is a config file for LDAP settings
(/etc/x2go/x2goldaptools.conf). This one should be used for putting
information on the LDAP database.
5. Admin DN secret...
The migration tools take the LDAP admin password from
/etc/libnss_ldap.secret. Also the ldap secret should be retrieved from
/etc/x2go/x2goldaptools.conf, or even better from a
/etc/x2go/x2goldaptools.secret file (0600:root:root). It might well be
that people setup a special x2goadmin account in LDAP for the purpose
of administrating x2go relevant LDAP-objects.
6. LDAP storage structures
Really big organizations group their LDAP data into ous. One ou for
one department at work (e.g. ou=sales,$BASE; ou=management,$BASE;
etc.). Within these ous they store sub-ous like group, people, hosts
etc. Sometimes they even have ou based Administrators.
cn=admin,ou=sales,$BASE
ou=people,ou=sales,$BASE
ou=group,ou=sales,$BASE
ou=hosts,ou=sales,$BASE
cn=admin,ou=support,$BASE
ou=people,ou=support,$BASE
ou=group,ou=support,$BASE
ou=hosts,ou=support,$BASE
...
This is an approach the system and user management software GOsa²
goes, also AD structures often look like this.
I wonder if x2go is flexible enough to handle structures like these...
7. Active Directory
This might be overkill now, but has anyone tried to store x2go users,
hosts and groups in AD??? With support of winbind, maybe?
8. Why LDAP?
Could anyone explain to me what x2go explicitly needs LDAP for? What
information is stored in LDAP that could not be replaced by any other
libnss services. (Has anyone ever thought to use netgroups and
pam_access for machine access control, BTW?).
9. Load-Balancing
Could also anyone hint to me, how load-balancing in multi-server setup
works with x2go? I guess this question is related to LDAP...
Loads of questions, sorry, but I couldn't get LDAP functionality
running out of the box with my already existing LDAP setup.
Thanks a lot to whoever replies here!!!
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
hi list-folks,
what kind of home dir setup does x2go expect/support?
1. Scenario I tried...
My default scenario: homes rest on an NFS server, homes are mounted as
NFS homes with kerberos security (sec=krb5i or sec=krb5p).
Everything seems to work fine apart from x2go printing (I mentioned
this issue in another posting).
2. Scenario I tried...
I have two x2goservers, tied together with postgres, but without
explicit x2go LDAP tweaks. Each server has its own homes, only real
data (no configs) is shared via Autofs-NFS in /home/<user>/MyDocuments.
This means: /home/<user> on <host1> is different from /home/<user> on <host2>.
x2go printing now works (no file copying onto NFS share as root
anymore), but x2golistsessions throws a bug:
mike@vidar:~$ x2golistsessions --all-servers
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
tail:
,,/home/<client-user>/.x2go/C-<server-user>-53-1277893552_stDLXDE_dp24/session.log\'' kann nicht zum Lesen geöffnet werden: No such file or
directory
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
21577|<server-user>-53-1277893552_stDLXDE_dp24|53|<host1>.das-netzwerkteam.de|R|30.06.10 12:25:52|fa4f8eb2071a396e215efbd048f3a5b7|<client-ip>|30007|30008|30.06.10
12:25:54|<server-user>|3417|30009
26895|<server-user>-51-1277893678_stDGNOME_dp24|51|<host2>.das-netzwerkteam.de|R|30.06.10 12:27:58|b8b9058a32fd73ce3ae02cbae8aab605|<client-ip>|30004|30005|30.06.10
12:27:59|<server-user>|3292|30006
Question: which scenarios have you already implied, which may be
missing or are untested? What home dir setup is most preferred from
the developers' point of view?
Best,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
Hi Heinz,
1.
is it possible to configure the x2goplugin in a way that after a
session is over the login dialog appears instantly again. Currently, I
have to press on ,,Neue Verbindung'' to get the login window back.
If there is no possibility for this yet, it might be a nice feature
(e.g. as config option).
2.
Is it also possible to offer a list of different session types within
the x2goplugin-login-dialog (e.g. offer to select KDE or GNOME) from
within the same x2goplugin-URL?
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…