[X2go-dev] Looking for information on the future of x2go (and some other x2go-related stuff)
Alexander Wuerstlein
snalwuer at cip.informatik.uni-erlangen.de
Thu Mar 3 13:07:26 CET 2011
On 11-03-03 12:49, Stefan Baur <newsgroups.mail2 at stefanbaur.de> wrote:
> Hi Mike,
>
> you wrote:
> >doesn't Windows 7 have a password storage?
> Not that I'd know, though I am not exactly a Windows 7 expert (plus,
> Windows XP and Vista are still out there, too).
> I only remember seeing a password storage function when it comes to
> web site logins in Internet Explorer.
>
> [SNIP]
>
> >Generic would also be a statement: this functionality is not supported
> >for your OS.
> Which would be a NX/x2go-migration-blocker for those currently using
> the "store password" function of the NXclient.
>
> Again, I don't mind if you're using ssh keyfiles instead of stored
> passwords (I could drop such a keyfile into the user's home
> directory and set it up in a way that it doesn't require a
> password).
> FWIW, you could offer to ship invisible dwarves that type the
> password on the user's keyboard and I wouldn't care. ;-)
> I just need *some* way to provide a one-click (or double-click,
> since we're talking Windows here) login.
The keyfiles idea doesn't sound too bad, let the user type the login
password, create a keyfile and use the password to remotely install the
private part of that keyfile. Though it has almost the same bad security
problems as storing cleartext passwords, there are some important
differences that would make it worthwhile: A password will be re-used
(admins can forbid it all they want, won't work), so storing
cleartext passwords will also allow the compromise of other systems. And
a compromised ssh-key can also be disabled by removing the appropriate
authorized_keys entry instead of needing to change quite a lot of
passwords.
> The reason behind this is a mix of usability and security issues:
>
> Usability: The user is already authenticated on the Windows machine
> or the Windows Domain. No one else has access to the particular
> configuration file, as it is stored in the user's home directory
> (for this concept, it doesn't matter if it's a NX config file with a
> plaintext password, or a passwordless ssh secret key for x2go).
> There is absolutely no need to ask the user for a password again.
Agreed, but just as a suggestion, you could also use Kerberos via
winbind for passwordless ssh iirc. That way the authentication via the
windows domain would be reused without needing any further password and
without a possible security compromise.
> Security: While it would be possible to connect the NX or x2go
> server to the Windows Domain using PAM, keeping the two "worlds"
> separate is a security benefit, since in the unlikely event that the
> Linux box gets hacked, the Windows Domain is not exposed to the
> attacker.
On the other hand, in the far more likely event your Windows Domain gets
hacked, you have handed the attacker all the Unix passwords on a
platter.
That said, I don't really care one way or the other, as long as it is
possible and easy for the admin to disable the "remember password"
button or as long as it's disabled by default.
Ciao,
Alexander Wuerstlein.
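The revocation step Alexander mentions (disabling a compromised per-user key by deleting its authorized_keys entry instead of rotating passwords) as an added example; this is not code from the thread or from the x2go project, and the key blobs in the sample file are constructed placeholders, not real key material:

```python
"""Revoke one public key from an authorized_keys file (added example)."""
import re

# Key type followed by its base64 blob; an options prefix such as
# from="10.0.0.0/8",no-pty may precede the type, so we search rather than split.
KEY_RE = re.compile(
    r'(?:^|\s)(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp(?:256|384|521)|'
    r'sk-[\w@.-]+)\s+([A-Za-z0-9+/=]+)')


def key_blob(line):
    """Return (keytype, blob) for an authorized_keys or .pub line,
    or None for blank lines and '#' comments."""
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    m = KEY_RE.search(s)
    return (m.group(1), m.group(2)) if m else None


def revoke_key(authorized_keys_text, pubkey_line):
    """Drop every entry whose key matches pubkey_line (a .pub file line).

    Returns (new_text, removed_count). Comments and other users' keys are
    kept verbatim, so only the compromised key loses access."""
    target = key_blob(pubkey_line)
    if target is None:
        raise ValueError("pubkey_line does not contain a public key")
    kept, removed = [], 0
    for line in authorized_keys_text.splitlines():
        if key_blob(line) == target:
            removed += 1
        else:
            kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed


# Constructed sample file: the blobs are placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
# laptop key, installed by the client during first login
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY1 x2goclient@win7-laptop
from="10.0.0.0/8",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAFAKEKEY2 backup@nas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY3 admin@workstation
"""

# The key reported as compromised (same constructed placeholder as above).
COMPROMISED_PUB = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY1 x2goclient@win7-laptop"

if __name__ == "__main__":
    text, n = revoke_key(SAMPLE_AUTHORIZED_KEYS, COMPROMISED_PUB)
    print(f"removed {n} entry/entries; remaining file:\n{text}")
```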