Hi Moritz,
On Do 20 Jan 2011 10:24:12 CET Moritz Struebe wrote:
> I am testing PyHoca. One of the problems I came around is that the
> client checks whether I am in the x2go group - which I'm not. I also
> noticed that some other security-checks are done in the client. I
> believe this is dangerous, because administrators might think that
> these are real security checks, while they can easily be
> circumvented. I believe these checks must be done server-side. That
> way they can also easily be adjusted by administrators.

I only added this check because missing group membership results in
endless spamming of the auth.log file during the login process while
the server load goes up tremendously. Of course, the client software
presumes that the system is set up with default values. I agree that
there actually should be a server script that pre-checks if a user (or
a command) is welcome to the server.
The Qt x2goclient doesn't check this, which raises performance and log
spamming problems once a user logs in that is not allowed to log in.
What other security checks do you refer to?
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
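
A server-side version of the group check discussed in this thread, as an added example that is not code from PyHoca, x2goclient or the X2Go server. The function name, the injectable lookup parameters and the sample accounts are assumptions made for illustration; the group name "x2go" follows the wording of the message above.

```python
import grp
import pwd
from types import SimpleNamespace


def user_in_group(username, group,
                  getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam):
    """Decide on the server whether `username` belongs to `group`.

    Runs against the server's own account database, so a modified
    client cannot skip it. Unknown users or groups are denied.
    """
    try:
        user = getpwnam(username)
        entry = getgrnam(group)
    except KeyError:
        return False  # fail closed: no such user or no such group
    # A user's primary group is recorded in passwd only and is usually
    # NOT listed in the group's member list, so check it separately.
    if user.pw_gid == entry.gr_gid:
        return True
    return username in entry.gr_mem


# Constructed sample account data (not from any real server), used to
# exercise the check without touching /etc/passwd or /etc/group.
_SAMPLE_USERS = {"alice": 1001, "bob": 2000, "carol": 1003}  # name -> primary gid
_SAMPLE_GROUPS = {"x2go": SimpleNamespace(gr_gid=2000, gr_mem=["alice"])}


def _sample_getpwnam(name):
    return SimpleNamespace(pw_gid=_SAMPLE_USERS[name])  # KeyError if unknown


def _sample_getgrnam(name):
    return _SAMPLE_GROUPS[name]  # KeyError if unknown


def demo():
    """Return the decision for each constructed account."""
    names = ["alice", "bob", "carol", "mallory"]
    return {n: user_in_group(n, "x2go", _sample_getpwnam, _sample_getgrnam)
            for n in names}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

Called with only `username` and `group`, the function queries the real account database through `pwd` and `grp`, which also covers NSS-backed sources such as LDAP when the server is configured for them.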