[X2Go-Commits] page changed: doc:installation:x2gobroker

wiki-admin at x2go.org wiki-admin at x2go.org
Sun May 12 23:50:59 CEST 2013 

A page in your DokuWiki was added or changed. Here are the details:

Date        : 2013/05/12 21:50
Browser     : Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
IP-Address  : 2.208.203.28
Hostname    : 2.208.203.28
Old Revision: http://wiki.x2go.org/doku.php/doc:installation:x2gobroker?rev=1368392723
New Revision: http://wiki.x2go.org/doku.php/doc:installation:x2gobroker
Edit Summary: 
User        : sunweaver

@@ -40,8 +40,53 @@
  
    * [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=blob_plain;f=etc/x2gobroker-wsgi.apache.conf|X2Go Session Broker WSGI support added globally]]
    * [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=blob_plain;f=etc/x2gobroker-wsgi.apache.vhost|X2Go Session Broker WSGI support as VirtualHost]]
  
+ 
+ 
+ ===== X2Go Session Broker Authentication Service =====
+ 
+ Package name: '''x2gobroker-authservice'''
+ 
+ On Debian based systems:
+ 
+ <code bash>
+ $ sudo apt-get install x2gobroker-authservice
+ </code>
+ 
+ The X2Go
Session Broker Authentication Service normally gets installed on the machine that also has ''x2gobroker-daemon'' or ''x2gobroker-wsgi'' installed. The broker code itself runs as system user ''x2gobroker'' whereas the authentication service has to run as root. By security design, the functionality of the broker that requires root privileges has been separated from the rest of the broker.
+ 
+ The X2Go Session Broker Authentication Service requires root privileges for a few PAM based authentication backends. The default installation authenticates against PAM, on default Linux systems, PAM authentication (''pam_unix.so'') requires root privileges by the authentication process.
+ 
+ With other PAM setups (e.g. ''pam_ldap.so'') root privileges are not required and it is ok to not install ''x2gobroker-authservice''.
+ 
+ Furthermore, X2Go Session Broker can be extended by other (non-PAM) authentication methods. The currently available authentication mechanisms in X2Go Session Broker are
listed [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=tree;f=x2gobroker/authmechs|here]].
+ 
+ ===== X2Go Session Broker Agent =====
+ 
+ Package name: '''x2gobroker-agent'''
+ 
+ On Debian based systems:
+ 
+ <code bash>
+ $ sudo apt-get install x2gobroker-agent
+ </code>
+ 
+ Installing X2Go Session Broker Agent is optional. The broker agent has to be intalled on machines that are in the roll of an X2Go Server (i.e. in the role of a terminal server running X2Go).
+ 
+ **Note:** Furthermore, the X2Go Session Broker Agent gets installed setuid root (group: x2gobroker system group, permissions: 0750). System administrators should be aware of this. If someone hacks the x2gobroker user account on one of your X2Go Servers, this hacker can then execute certain X2Go related commands with root privileges on the X2Go Server system.
+ 
+ The broker agent is the man-in-the-middle between X2Go Session Broker and the X2Go Server(s) that the session broker provides. Through the X2Go Session
Broker Agent the broker core can obtain information on provided X2Go Servers for all users on that server host. 
+ 
+ The current functionalities of the broker agent are:
+ 
+   * list user sessions of any user
+   * deploy SSH public keys on behalf of any user
+   * drop SSH public keys on behalf of any user
+   * render an ordered list of X2Go Servers and their usage (by number of running/suspended sessions), only needed in load balancing setups
+   * suspend sessions on behalf of any user
+   * render a list of used X2Go Servers
+   * (more to come...)
  
  ===== X2Go Session Broker: Backends and Frontends =====
  
  The design of X2Go Session Broker as provided in [[http://code.x2go.org/gitweb?p=x2gobroker.git|X2Go Git]] is highly modular. The X2Go Session Broker Daemon can be easily extended with //broker backends// and //WebUI frontends//.
@@ -64,27 +109,8 @@
  ==== Currently available WebUI frontends ====
  
    * The '''plain''' WebUI frontend: usable with X2Go Client
    *
The '''uccs''' WebUI frontend: usable with Unity Greeter (experimental)
- 
- 
- ===== X2Go Session Broker Authentication Service =====
- 
- Package name: '''x2gobroker-authservice'''
- 
- On Debian based systems:
- 
- <code bash>
- $ sudo apt-get install x2gobroker-authservice
- </code>
- 
- The X2Go Session Broker Authentication Service normally gets installed on the machine that also has ''x2gobroker-daemon'' or ''x2gobroker-wsgi'' installed. The broker code itself runs as system user ''x2gobroker'' whereas the authentication service has to run as root. By security design, the functionality of the broker that requires root privileges has been separated from the rest of the broker.
- 
- The X2Go Session Broker Authentication Service requires root privileges for a few PAM based authentication backends. The default installation authenticates against PAM, on default Linux systems, PAM authentication (''pam_unix.so'') requires root privileges by the authentication process.
- 
- With
other PAM setups (e.g. ''pam_ldap.so'') root privileges are not required and it is ok to not install ''x2gobroker-authservice''.
- 
- Furthermore, X2Go Session Broker can be extended by other (non-PAM) authentication methods. The currently available authentication mechanisms in X2Go Session Broker are listed [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=tree;f=x2gobroker/authmechs|here]].
  
  ===== Setting up Config Files =====
  
  ==== Configuration of X2Go Session Broker ====



-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/

More information about the x2go-commits mailing list