[Folks, please don't top-post]
Am 24.04.20 um 20:12 schrieb J.Witvliet@mindef.nl:
One obviously missing, is a SmartCard, loaded with SSL keys & certificates, that should be reachable through P11 (or pkcs11) library...
We have SmartCard support as well (quite obviously, as X2Go started out as a replacement for SunRay workstations), that's just handled differently. But it's possible to authenticate using a GnuPG card that has SSH keys stored on it, for example.
Op 25-4-2020 om 09:41 schreef J.Witvliet@mindef.nl:
That’s the point. Gpg-cards. We too had those sun-machines for evaluation, but declined. When ones whole organization is using PKI, with 65,000 cards around, pkcs11 is essential. Would be nice to have a proper Citrix alternative.
Am 25.04.20 um 16:14 schrieb Jos:
Then again an organisation with 65000 posssible users looking for an proper Citrix alternative and considering X2Go might get in touch with the people in control to get this build?
Surely there would be some kind of EU funding for this to make sure one gets out of the hands of a proprietary software product. Me as a citizen of the country in question would really approve if not demand this from such a respected department.
Basically, pkcs11 support in X2Go would depend on pkcs11 support in libssh (haven't checked if it's there in the current version, nor in the version we're using in X2GoClient). Once present, it *may* need further changes to X2GoClient to make things work.
As X2Go is Open Source, let me say: Patches Welcome.
And if you can't do it yourself, feel free to contract a developer/a software development company to do it for you.
The only catch here is that neither BAUR-ITCS nor DAS-NETZWERKTEAM will be available for this*. I don't know about phoca GmbH, though, so it might be worth a try. But even if you hire a third-party developer outside of X2Go's core dev team: As stated above, we will accept patches for pkcs11 support into the main X2Go source.
Kind Regards, Stefan Baur
*The reason is that for both of these companies, doing business with military organizations would be a violation of their corresponding ethics code. We've had a similar discussion on the list (or was it on x2go-dev?) a few years ago, when the issue was nuclear power/nuclear research. We, as companies (and the individuals in charge of them), don't want "blood money" - but X2Go, as a project, will accept contributions under GPL, even from such orgs.
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243