Q: PAM/Kerberos authentication
d.love "at" dl.ac.uk
Fri Jun 11 13:53:01 2004
"Adam J. Bradley" <abradley "at" novell.com> writes:
> Hi all,
> I've been searching for an implementation of VNC which uses either PAM
> or Kerberos as its authentication method in order to provide single
> sign-on to Xvnc server sessions.
> Is this facility available/possible/desireable.
Using PAM with such networked services is not generally desirable.
You at least need to make sure that the connexion is secured with TLS
or something to avoid your credentials going in the clear, and it's a
risk to assume that always happens.
There are kerberized versions of SSH (e.g. in Debian), which might
help somewhat, depending on the circumstances.
If you are looking at kerberizing VNC (which sounds useful) I assume
you've spotted the Kerberos stuff in the X distribution, though that
might not be the best place to start. How about using SASL for