[X2Go-Dev] x2gobroker without auth
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Fri Mar 1 09:47:13 CET 2013
Hi Anders,

On Do 28 Feb 2013 18:00:54 CET Mike Gabriel wrote:
> Hi Anders,
>
> On Do 28 Feb 2013 14:52:31 CET Anders Bruun Olsen wrote:
>
>> Hi Mike,
>>
>> Default behavior for x2gobroker and x2goclient in broker mode seems to be
>> to first authenticate against the broker and then whatever terminal server
>> the user ends up connecting to. This means the user ends up having to type
>> in his/her username and password twice. Not a nice user experience. Either
>> it shouldn't authenticate to get the available sessions or it should
>> remember the username/password and try it when authenticating against the
>> chosen server. Until the latter might be possible, I would like to turn off
>> authentication to get the session information. It seems to me that this
>> information is fairly safe to be publicly available. I have set
>> check-credentials = false in x2gobroker.conf, but the client still prompts
>> the user for a username/password. You can just hit enter twice at that
>> dialog, but it still isn't an acceptable user experience. Is it possible to
>> avoid this extra authentication currently, or would it mean changes to
>> x2goclient?
>
> Please use
>
> x2goclient --broker-noauth --broker-url=<URL>
>
> For this to work, you have to set the check-credentials config
> option in x2gobroker.conf to false.

I have checked this again and thought it through. As the broker needs
to know the username on whose behalf to operate, you probably have to
add the --auth-id cmdline switch:

x2goclient --auth-id=<broker-user> --broker-noauth --broker-url=<URL>

This is ok with X2Go Client installations on some local/private
machines. On thin clients (with no local login) this does not work as
the thin client is not aware of the username of the person sitting in
front of the TC.

Hmmm...

The other option would be to automatize the SSH login once the user
has authenticated against the broker. This feature is already
implemented in X2Go Client but needs some extra work in the public
X2Go Session Broker.

Another issue, I have to address later: The current broker
implementations in X2GoClient expect that the broker user ID is
identical with the SSH user ID (i.e. the X2Go user ID) of the
targeted servers. This is suboptimal, IMHO.

Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb