Authentication

Kenneth Foster fosterk "at" aenigma.net
Mon, 07 Aug 2000 23:42:25 +0000


Jonathan,

I kind of like the idea of using a simple protocol and part of me agrees
with that.  But you lose so much by not using SMB or RADIUS or NIS as your
authentication mechanism.  I'm not saying SMB is the best way to go. Heck,
even Kerberos could be used.  What I'm trying to do is, at the high end,
keep investments in centralized authentication from being wasted.  If a new
protocol could be invented that could talk to a centralized authentication
server that could track username/password/time/date/machine/+more
restrictions, then I'm all for it.  But one already exists, and it is
cross-platform.

Again, I agree with you that the Server would pick the authentication
mechanism. But I also feel like it should be able to fall back to an earlier
scheme so as to maintain backward compatibility. Or maybe we say "screw
compatibility.  It's free, so upgrade".

I also like the local database option.  This could be an alternative
authentication mechanism.  It could be chosen during the configuration of
the server.  I think that it's a great idea actually.

Now, if we could get some developers to agree.  As I've posted before, I'm
willing to throw a few K into the development pot.


Ken Foster


-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Jonathan Morton
Sent: Monday, August 07, 2000 6:14 PM
To: vnc-list "at" uk.research.att.com
Subject: RE: Authentication


What I'm saying is that instead of using SMB, use a relatively simple TCP
connection using a new protocol.  Then servers and auth-servers can run on
any platform, not just those that happen to support SMB.

As for the RFB modifications necessary, since it is the Server that
mandates which authentication type is required, it is relatively easy to
add a new authentication type.  If the client doesn't understand this type,
it has to drop the connection or send garbage, both of which are secure.

Notice I said "_option_ to use a local database file".  This saves the
"average user" with just one machine from having to set up the
authentication server on 'localhost', just so he can allow multiple people
to have their own passwords.  If we standardise the database file format,
then it can be easy for them to migrate to a full auth-server if they feel
it necessary later.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi "at" cyberspace.org  (not for attachments)
uni-mail: j.d.morton "at" lancaster.ac.uk

The key to knowledge is not to rely on people to teach you it.

Get VNC Server for Macintosh from http://chromatix.autistics.org/vnc/

-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a19 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r- y+
-----END GEEK CODE BLOCK-----
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
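
The fail-closed client behaviour discussed in the thread, as an added example that is not part of the original messages or of any VNC code base: it parses the RFB 3.3 server handshake and drops the connection when the server mandates a security type the client does not implement. The type number 0xFFFFFF01 for a new scheme, the function names and the sample messages are assumptions constructed for illustration.

```python
import struct

# Security types defined by RFB 3.3 (server sends one as a big-endian U32).
SEC_FAILED, SEC_NONE, SEC_VNC_AUTH = 0, 1, 2
# Hypothetical number for a new "central auth server" type; constructed for
# this example, not an assigned RFB security type.
SEC_CENTRAL_AUTH = 0xFFFFFF01


class DropConnection(Exception):
    """Raised when the client must close the socket without authenticating."""


def _take(buf, offset, n):
    # Return exactly n bytes or fail closed on a truncated handshake.
    if len(buf) < offset + n:
        raise DropConnection("truncated handshake")
    return buf[offset:offset + n]


def parse_server_handshake(data, supported):
    """Parse the server's ProtocolVersion and security-type messages.

    `data` holds both server messages concatenated; `supported` is the set
    of security types this client implements.
    Returns (type, challenge_or_None); raises DropConnection otherwise.
    """
    version = _take(data, 0, 12)
    if not (version.startswith(b"RFB ") and version.endswith(b"\n")):
        raise DropConnection("not an RFB server")
    (sec_type,) = struct.unpack(">I", _take(data, 12, 4))
    if sec_type == SEC_FAILED:
        (length,) = struct.unpack(">I", _take(data, 16, 4))
        reason = _take(data, 20, length).decode("latin-1")
        raise DropConnection("server refused: " + reason)
    if sec_type not in supported:
        # The server mandates the type; a client that does not know it
        # cannot negotiate, so the safe response is to drop the connection.
        raise DropConnection("unsupported security type %#x" % sec_type)
    if sec_type == SEC_VNC_AUTH:
        return sec_type, _take(data, 16, 16)  # 16-byte challenge
    return sec_type, None


# Constructed sample server messages.
OLD_SERVER = b"RFB 003.003\n" + struct.pack(">I", SEC_VNC_AUTH) + bytes(range(16))
NEW_SERVER = b"RFB 003.003\n" + struct.pack(">I", SEC_CENTRAL_AUTH)
```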