Q: PAM/Kerberos authentication
Adam J. Bradley
abradley "at" novell.com
Fri Jun 11 01:50:01 2004
Corne et al,
Thanks to all of you who responded. I'm currently using the method you describe on a SuSE 9.1 Pro box and it works well! What I'm trying to achive is single sign on. That is, to pass credentials through to GDM/KDM/XDM in order to log straight in!
What I need to know more about is X authentication, and the interaction of Xvnc with the X server and how I might go about getting Xvnc to pass through credentials.
>>> Corni Beerse <cbeerse "at" lycos.nl> 10/06/2004 7:28:37 pm >>>
Adam J. Bradley wrote:
> Hi all,
> I've been searching for an implementation of VNC which uses either PAM
> or Kerberos as its authentication method in order to provide single
> sign-on to Xvnc server sessions.
If it is for Xvnc, I'd remove the vnc-security and use the unix account by means
of xdmcp. See http://www.sourcecodecorner.com/articles/vnc/linux.asp for some
This setup provides single-use vnc-sessions: only the one that connects can
access, because the port that is actually used is changed by inetd (and the used
Xvnc option) And once the connection between the viewer and the server is lost,
the server is killed by inetd. Hence no stale vnc-sessions.
> Is this facility available/possible/desireable. I'd be happy to kick
> off a project to get this going as I've been learning a lot about
> Kerberos and PAM in recent times!
If you start using kerberos, I think security is an issuse. VNC is not made for
security, you need to tunnel it trough a vpn or trough ssh or such to make it
If it is for authenticating-ease (the same account everywhere), the inetd
solution is suitable, it also adds ease of configuration for the users (none at all)
VNC-List mailing list
VNC-List "at" realvnc.com
To remove yourself from the list visit: