Ahh. I was under the impression (since I haven't used x0rfbserver hardly at all to know how it works, etc.) that the .x0rfbserver file was similar to the ~/.vnc/passwd file in that you can just "use" that file to authenticate to a running session. In other words with vcnviewer, you can do this 'vncviewer -password /home/user-to-control/.vnc/passwd <IP of host>:1' or whatever and it will automatically authenticate you to that running session without you having to type the password. I used this feature in the vnc-X-session package I wrote awhile ago which actually gives pretty much the functionality that x0rfbserver does albeit a little slower for the user since you are running through vncviewer for your session instead of having an actual hardware accelerated X session. But it does give you session persistance which was what I wanted. You don't get session persistance with x0rfbserver (at least not easily -- or possibly at all -- that I can see).
Jason Bechtel wrote: >Jason P., > >The .x0rfbserver file contains the password, but >encrypted/hashed. Also, as John Cuzzola pointed out, the >permissions are 0600 and it is owned by root. This is >pretty good, I'd say. If the user has root on your server, >they've already won. > >I also see no reason why there couldn't be individual >.x0rfbserver config files for each workstation >(.x0rfbserver-${HOSTNAME|IP|MAC}?). > >Good point about it being on a public (basically) read-only >share, though... A system on the network could conceivably >get a copy of the file and run a dictionary attack on the >encrypted password. One could restrict the range of IP's >with access to the share to only those corresponding to the >LTSP workstations. But that's not a sufficient solution. > I'm also not sure about the status of the network traffic >involved in authenticating between the viewer and the >remote x0rfbserver. I'm guessing it's not encrypted, >though, which expands the range of potential attackers back >to the entire network... > -- Jason A. Pattie [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net