Q: PAM/Kerberos authentication
Corné Beerse
cbeerse "at" lycos.nl
Thu Jun 10 10:29:01 2004
Adam J. Bradley wrote:
> Hi all,
>
> I've been searching for an implementation of VNC which uses either PAM
> or Kerberos as its authentication method in order to provide single
> sign-on to Xvnc server sessions.
If it is for Xvnc, I'd remove the vnc-security and use the unix account by means
of xdmcp. See http://www.sourcecodecorner.com/articles/vnc/linux.asp for some
details.
This setup provides single-use vnc-sessions: only the one that connects can
access, because the port that is actually used is changed by inetd (and the used
Xvnc option) And once the connection between the viewer and the server is lost,
the server is killed by inetd. Hence no stale vnc-sessions.
>
> Is this facility available/possible/desireable. I'd be happy to kick
> off a project to get this going as I've been learning a lot about
> Kerberos and PAM in recent times!
If you start using kerberos, I think security is an issuse. VNC is not made for
security, you need to tunnel it trough a vpn or trough ssh or such to make it
secure.
If it is for authenticating-ease (the same account everywhere), the inetd
solution is suitable, it also adds ease of configuration for the users (none at all)
CBee