[X2Go-User] X2Go, MFA and Duo?

Stefan Baur X2Go-ML-1 at baur-itcs.de
Sat Apr 25 16:31:41 CEST 2020 

[Folks, please don't top-post]

>> Am 24.04.20 um 20:12 schrieb J.Witvliet at mindef.nl:
>> > One obviously missing, is a SmartCard, loaded with SSL keys &
>> certificates, that should be reachable through P11 (or pkcs11) library...


>> We have SmartCard support as well (quite obviously, as X2Go started out
>> as a replacement for SunRay workstations), that's just handled
>> differently.  But it's possible to authenticate using a GnuPG card that
>> has SSH keys stored on it, for example.


> Op 25-4-2020 om 09:41 schreef J.Witvliet at mindef.nl:
>> That’s the point.  Gpg-cards.
>> We too had those sun-machines for evaluation, but declined.
>> When ones whole organization is using PKI, with 65,000 cards around,
>> pkcs11 is essential. Would be nice to have a proper Citrix alternative.


Am 25.04.20 um 16:14 schrieb Jos:

> Then again an organisation with 65000 posssible users looking for an
> proper Citrix alternative and considering X2Go might get in touch with
> the people in control to get this build?
>
> Surely there would be some kind of EU funding for this to make sure one
> gets out of the hands of a proprietary software product.
> Me as a citizen of the country in question would really approve if not
> demand this from such a respected department.


Basically, pkcs11 support in X2Go would depend on pkcs11 support in
libssh (haven't checked if it's there in the current version, nor in the
version we're using in X2GoClient).
Once present, it *may* need further changes to X2GoClient to make things
work.

As X2Go is Open Source, let me say: Patches Welcome.

And if you can't do it yourself, feel free to contract a developer/a
software development company to do it for you.

The only catch here is that neither BAUR-ITCS nor DAS-NETZWERKTEAM will
be available for this*.  I don't know about phoca GmbH, though, so it
might be worth a try.  But even if you hire a third-party developer
outside of X2Go's core dev team: As stated above, we will accept patches
for pkcs11 support into the main X2Go source.

Kind Regards,
Stefan Baur

*The reason is that for both of these companies, doing business with
military organizations would be a violation of their corresponding
ethics code.  We've had a similar discussion on the list (or was it on
x2go-dev?) a few years ago, when the issue was nuclear power/nuclear
research.  We, as companies (and the individuals in charge of them),
don't want "blood money" - but X2Go, as a project, will accept
contributions under GPL, even from such orgs.


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

More information about the x2go-user mailing list