Authentication

Jonathan Morton chromi "at" chromatix.org.uk
Mon, 07 Aug 2000 23:17:20 +0000


>The main reason I went this route is that you could really get tricky with
>it.  The reality is, you only really need to modify the "server" part of
>VNC.  The Clients don't need much if any modification at all.
>
>The client connects to the Server, during the connection hand shake they
>exchange "authentication mechanisms".  If it is an older client then it used
>the normal authentication.  If it is an enhanced client then it can pass
>more information such as UserName and Password, or even more if you want.
>This part could be done using any protocol you want, even RFB.
>
>The Server is heavily modified.  It knows how to speak SMB and RFB.

What I'm saying is that instead of using SMB, use a relatively simple TCP
connection using a new protocol.  Then servers and auth-servers can run on
any platform, not just those that happen to support SMB.

As for the RFB modifications necessary, since it is the Server that
mandates which authentication type is required, it is relatively easy to
add a new authentication type.  If the client doesn't understand this type,
it has to drop the connection or send garbage, both of which are secure.

>Now, back to why a local database file is a bad approach.  In large
>organizations we have spent considerable time and effort coming up with ways
>to centralize authentication.

Notice I said "_option_ to use a local database file".  This saves the
"average user" with just one machine from having to set up the
authentication server on 'localhost', just so he can allow multiple people
to have their own passwords.  If we standardise the database file format,
then it can be easy for them to migrate to a full auth-server if they feel
it necessary later.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi "at" cyberspace.org  (not for attachments)
uni-mail: j.d.morton "at" lancaster.ac.uk

The key to knowledge is not to rely on people to teach you it.

Get VNC Server for Macintosh from http://chromatix.autistics.org/vnc/

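As an added illustration of the negotiation step discussed in this message (not code from the thread or from any VNC implementation): in RFB 3.3 the server sends the single security type it mandates, and a client that does not recognise it must fail closed. The numeric value for the proposed username/password type is an assumed placeholder.

```python
import struct

# RFB 3.3 security types as defined by the protocol.
SEC_INVALID = 0     # server refuses; a reason string follows on the wire
SEC_NONE = 1
SEC_VNC_AUTH = 2
# Assumed placeholder for the new username/password type the thread proposes.
SEC_EXTENDED_USERPASS = 0x7F000001


class ProtocolError(Exception):
    """Raised when the client must drop the connection."""


def server_security_message(required_type):
    """Server side: after the version exchange, RFB 3.3 sends the mandated
    security type as one 4-byte big-endian unsigned integer."""
    return struct.pack(">I", required_type)


def client_handle_security(msg, known_types):
    """Client side: decode the mandated type and refuse to continue unless
    it is one this client implements.  Legacy clients therefore disconnect
    when an enhanced server demands the new type, which is the safe outcome."""
    if len(msg) != 4:
        raise ProtocolError("malformed security-type message")
    (sec_type,) = struct.unpack(">I", msg)
    if sec_type == SEC_INVALID:
        raise ProtocolError("server refused the connection")
    if sec_type not in known_types:
        raise ProtocolError(f"unsupported security type {sec_type}; disconnecting")
    return sec_type


def negotiate(required_type, client_known_types):
    """Run both sides in-process and report whether the handshake proceeds."""
    msg = server_security_message(required_type)
    try:
        return ("proceed", client_handle_security(msg, client_known_types))
    except ProtocolError as err:
        return ("disconnect", str(err))


if __name__ == "__main__":
    legacy = {SEC_NONE, SEC_VNC_AUTH}
    enhanced = legacy | {SEC_EXTENDED_USERPASS}
    print(negotiate(SEC_VNC_AUTH, legacy))            # legacy client, classic auth
    print(negotiate(SEC_EXTENDED_USERPASS, legacy))   # legacy client fails closed
    print(negotiate(SEC_EXTENDED_USERPASS, enhanced))  # enhanced client proceeds
```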