VNC authentication/authorization

Bala Sambandam bala_sambandam "at"
Mon, 17 Sep 2001 19:43:59 +0000


I'm in the process of making changes to the 3.3.9r2 source for winvnc
and the 3.3.3r2 source for the Java vncviewer to handle NT domain
authentication and authorization.  I had to create a new rfb protocol
with some minor changes.  I've called it 003.004 for now.  It's
backward compatible with older viewer's and should port easy enough to
any authentication scheme that supports usernames, passwords and

The way it works on NT is with 3 optional registry settings.  When
these settings are missing then it default back to the old scheme.

o AuthType
One of "VNC" for the old single password authentication style or "OS"
for OS level authentication and authorization.

o DefaultUser
A username (of the form <user> or <domain>\<user> on NT) to use when
older vncviewers connect since these can only supply a password.

o AuthRole
An OS group (of the form <group> or <domain>\<group> on NT) to use when
authorizing client sessions.  The user that a client session
authenticates with must be in this group.

I'm not updating the C/C++ vncviewer, just the Java vncviewer since
this is all I need for my requirements.

I've made a first pass on the server side changes.  I'm in the process
of updating the Java vncviewer.  I was wondering if once I finished
testing my changes whether there was a process for
submiting/integrating these back.  I lack forward compatibility since I
had to change the RFB.


Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at"
See also: