New AuthScheme (s)...
James (Wez) Weatherall
jnw22 "at" cam.ac.uk
Tue, 29 Feb 2000 11:03:54 +0000
> i'm a newbie to VNC, but i've already hacked up the vncserver on the Unix
> size to authenicate against the password of the user running the Xvnc
> session (instead of the ~/.vnc/passwd file). since our sysadms really
> dislike fixed passwords (nevermind stored in home directories...) i
haven't
> seen how the NT Domain auth. works, i just started this 3 days ago...,
but
> it doesn't look much different (registry instead of flat file)..
> and i've seen some contribs wth NT authenication, but it's not compatible
> with... oh well...
This is simply the mechanism used to store the password, not to perform
authentication. It relies on the fact that the relevant registry location
or file is inaccessible to everyone but them. The encryption performed
doesn't provide security - it just means that if you open that file and
someone glances over your shoulder, they can't trivially know your password.
> ... after two passes, i've come up with a new Alternative Authenication
> Scheme, rfbAuthScheme, since i couldn't figgure out how to get the
plaintext
> password from vncviewer's encrypted challenge + password.
>
> well, my "AltAuth" scheme encrypts the user's password with the random
> challenge, and then compares it to the Unix crypt one.
? What is the protocol you're using? VNC already uses a random challenge
scheme.
Cheers,
James "Wez" Weatherall
--
"Xenophobes should go back to Xenophobia"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK - Tel : 343000
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------