On 11-03-03 12:49, Stefan Baur <newsgroups.mail2@stefanbaur.de> wrote:
Hi Mike,
you wrote:
doesn't Windows 7 have a password storage? Not that I'd know, though I am not exactly a Windows 7 expert (plus, Windows XP and Vista are still out there, too). I only remember seeing a password storage function when it comes to web site logins in Internet Explorer.
[SNIP]
Generic would also be a statement: this functionality is not supported for your OS. Which would be a NX/x2go-migration-blocker for those currently using the "store password" function of the NXclient.
Again, I don't mind if you're using ssh keyfiles instead of stored passwords (I could drop such a keyfile into the user's home directory and set it up in a way that it doesn't require a password). FWIW, you could offer to ship invisible dwarves that type the password on the user's keyboard and I wouldn't care. ;-) I just need *some* way to provide a one-click (or double-click, since we're talking Windows here) login.
The keyfiles idea doesn't sound too bad, let the user type the login password, create a keyfile and use the password to remotely install the private part of that keyfile. Though it has almost the same bad security problems as storing cleartext passwords, there are some important differences that would make it worthwile: A password will be re-used (admins can forbid it all they want, won't work), so storing cleartext-passwords will also allow the compromise of other systems. And a compromised ssh-key can also be disabled by removing the appropriate authorized_keys entry instead of needing to change quite a lot of passwords.
The reason behind this is a mix of usability and security issues:
Usability: The user is already authenticated on the Windows machine or the Windows Domain. No one else has access to the particular configuration file, as it is stored in the user's home directory (for this concept, it doesn't matter if it's a NX config file with a plaintext password, or a passwordless ssh secret key for x2go). There is absolutely no need to ask the user for a password again.
Agreed, but just as a suggestion, you could also use Kerberos via winbind for passwordless ssh iirc. That way the authentication via the windows domain would be reused without needing any further password and without a possible security compromise.
Security: While it would be possible to connect the NX or x2go server to the Windows Domain using PAM, keeping the two "worlds" seperate is a security benefit, since in the unlikely event that the Linux box gets hacked, the Windows Domain is not exposed to the attacker.
On the other hand, in the far more likely event your Windows Domain gets hacked, you have handed the attacker all the Unix passwords on a platter.
That said, I don't really care one way or the other, as long as it is possible and easy for the admin to disable the "remember password" button or as long as its disabled by default.
Ciao,
Alexander Wuerstlein.