Just thinking about authentication with the .x0rfbserver file that I 
assume contains the necessary password information for accessing the 
x0rfbserver for the thin client sessions.  Talking it over with my boss, 
he pointed out that there seems to be a flaw with this implementation. 
You have decided to place the .x0rfbserver file in .../ for the thin 
client filesystem.  However, this filesystem is being exported as 
readable to anyone who wants it.  Not only that, if the LTSP server is 
the same as the application server, all users on the application server 
have access to the password file for all other users' sessions without 
even having to mount the NFS export.  Unless there's some way to secure 
the exported directory (via user/group permissions, etc.), then we were 
thinking the following features might be useful:

1) When a vncviewer or xrfbviewer connection attempt comes to the thin 
client, the x0rfbserver will pop up a dialog that asks the currently 
logged in user to accept or reject the connection.

2) If the user accepts the connection, x0rfbserver will pop up another 
dialog for the user to type a password for the new connection.

3) On the vncviewer or xrfbviewer side of the connection, the user would 
have been waiting.  At this point, the password prompt would be 
displayed for them to enter the newly set session password and connect 
to the thin client.

This is of course more interactive and may not be the policy that a 
company desires to implement.  However, at first glance it seems to be 
more secure.

Also, it would seem very likely to be able to store a per thin client 
x0rfbserver password in LDAP once that becomes available.  That would 
also be more secure than having the password available in a file on the 
NFS export especially if the LDAP server requires authentication for 
that particular information.

-- 
Jason A. Pattie
[EMAIL PROTECTED]
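
A check for the exposure described in the message, as an added example that is not part of the original post or of LTSP: it lists .x0rfbserver files whose mode lets group or other read them, and reports whether the directory is exported to every host. The directory and exports file are passed as arguments and are assumptions; only the file name comes from the message.

```shell
#!/bin/sh
# Added example (not LTSP code): audit .x0rfbserver password files.
# Usage (paths are assumptions): sh audit.sh <exported-root> <exports-file>
PWFILE=".x0rfbserver"   # file name taken from the message

# Print every $PWFILE under $1 whose mode grants read to group or other.
exposed_pw_files() {
    find "$1" -type f -name "$PWFILE" \( -perm -040 -o -perm -004 \) -print 2>/dev/null
}

# Return 0 if exports file $1 exports directory $2 without a host restriction.
world_exported() {
    awk -v dir="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 == dir {
            if (NF == 1) found = 1              # no client list: flagged conservatively
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\*(\(.*)?$/) found = 1   # "*" or "*(opts)": any host
                if ($i ~ /^\(/) found = 1           # bare "(opts)": any host
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Report findings; returns 1 if any password file is readable beyond its owner.
audit() {
    files=$(exposed_pw_files "$1")
    if [ -z "$files" ]; then
        echo "OK: no group/other-readable $PWFILE under $1"
        return 0
    fi
    echo "$files" | sed 's/^/READABLE BY NON-OWNER: /'
    if world_exported "$2" "$1"; then
        echo "EXPORTED TO ALL HOSTS: $1 (per $2)"
    fi
    return 1
}

if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

A mode of 600 only helps local users on a combined LTSP/application server; a client that mounts the export as root can still read the file unless the export squashes root.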


