Hello,
I am looking for a solution to provide secure authentication / mail signing etc on a central place, so I researched the actual available OS-Solutions for this task.
I have a smart card reader built into the client which I want to use for:
What I found out is, that the upcoming version of nx can do such a thing and the commercial solutions offer also this functionality (Windows only, Citrix, Oracle SDG …)
Is it possible with x2go to forward the smart card (reader) to the terminal server in a secure way to use it for further actions? If yes: What do I need for this?
Regards Markus
Hi Markus,
On Mi 11 Sep 2013 16:58:34 CEST Markus Bräunig wrote:
Hello,
I am looking for a solution to provide secure authentication / mail
signing etc on a central place, so I researched the actual available
OS-Solutions for this task.I have a smart card reader built into the client which I want to use for:
- authentication at the Terminal Server
- "taking" my smart card with me to authenticate at further
destinations (connection is initiated at the Terminal Server).What I found out is, that the upcoming version of nx can do such a
thing and the commercial solutions offer also this functionality
(Windows only, Citrix, Oracle SDG …)Is it possible with x2go to forward the smart card (reader) to the
terminal server in a secure way to use it for further actions? If yes: What do I need for this?
I guess, we need to utilize the achievements of the USB/IP project [1]
for that. At the moment I have no resources to work on this for free
myself. However, you can contribute the first steps to the X2Go
project by testing USB/IP with X2Go.
[1] http://usbip.sourceforge.net/
My suggestion would be:
o start an X2Go session o provide USB/IP over a second SSH connection to the X2Go Server
The USB/IP provision has to be implementable completely in user space.
It is possible to promote a user with root privileges, but we should
avoid that.
If you could work on such a manual setup (as a research project) I
will be happy to work your results into the upstream X2Go code.
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...