VNC: passwords and security - another approach

Ivan Popov pin "at" math.chalmers.se
Fri, 06 Mar 1998 08:38:56 +0000


On Thu, 5 Mar 1998, Charles Karney wrote
some interesting comments about passwords and security.

I've got another idea that seems to be much easier to implement and
has all the security benefits.

I'd vote for a server that runs just one session using stdin/stdout
or any other fd given by an argument
and a client capable of running the same way - over prepared channel.

Then you make client run ssh host serverscript

and here you are - secure authentication and full encryption. And no
possible misuse when you are not online (like root stealing kerberos
tickets when you forget unlog).

What you loose is

 - fast start :(
 - keeping the state of the desktop (a desktop manager can help)
 - sharable desktops (not desirable if you are concerned about security :)

For security-aware users this mode can be very preferable.

Regards,
--
Ivan Popov <pin "at" math.chalmers.se>
Systemman, Driftavdelningen, Matematiska institutionen, Chalmers TH