Ahh.  I was under the impression (since I have hardly used x0rfbserver 
at all to know how it works, etc.) that the .x0rfbserver file was 
similar to the ~/.vnc/passwd file in that you can just "use" that file 
to authenticate to a running session.  In other words, with vncviewer, 
you can do this 'vncviewer -password /home/user-to-control/.vnc/passwd 
<IP of host>:1' or whatever and it will automatically authenticate you 
to that running session without you having to type the password.  I used 
this feature in the vnc-X-session package I wrote a while ago which 
actually gives pretty much the functionality that x0rfbserver does 
albeit a little slower for the user since you are running through 
vncviewer for your session instead of having an actual hardware 
accelerated X session.  But it does give you session persistence which 
was what I wanted.  You don't get session persistence with x0rfbserver 
(at least not easily -- or possibly at all -- that I can see).

Jason Bechtel wrote:

>Jason P.,
>
>The .x0rfbserver file contains the password, but
>encrypted/hashed.  Also, as John Cuzzola pointed out, the
>permissions are 0600 and it is owned by root.  This is
>pretty good, I'd say.  If the user has root on your server,
>they've already won.
>
>I also see no reason why there couldn't be individual
>.x0rfbserver config files for each workstation
>(.x0rfbserver-${HOSTNAME|IP|MAC}?).
>
>Good point about it being on a public (basically) read-only
>share, though...  A system on the network could conceivably
>get a copy of the file and run a dictionary attack on the
>encrypted password.  One could restrict the range of IPs
>with access to the share to only those corresponding to the
>LTSP workstations.  But that's not a sufficient solution.
>I'm also not sure about the status of the network traffic
>involved in authenticating between the viewer and the
>remote x0rfbserver.  I'm guessing it's not encrypted,
>though, which expands the range of potential attackers back
>to the entire network...
>
-- 
Jason A. Pattie
[EMAIL PROTECTED]



