On Thu, Feb 24, 2011 at 09:44:20PM +0100, Sebastiaan Breedveld wrote:
> I am testing the 1.1 pre-beta (2/21/11) 64 bit Linux binary on an Ubuntu 
> Natty machine. According to previous posts, I start the VNC server as:
> ./Xvnc :4 -SecurityTypes=VeNCrypt,Plain -PlainUsers=sebastiaan 
> pam_service=vnc
> 
> which works fine when connecting with:
> ./vncviewer :4 -SecurityTypes=VeNCrypt,Plain
> and supplying my credentials.
> 
> Unfortunately, if the password of the user is not stored locally, but 
> has to be retrieved from a server (a RADIUS server in my case), the 
> connection fails:
> ./Xvnc :4 -SecurityTypes=VeNCrypt,Plain -PlainUsers=sebastiaanRemote 
> pam_service=vnc
> My /etc/pam.d/vnc looks like this:
> auth    [success=2 default=ignore]    pam_unix.so nullok_secure
> auth    sufficient                      pam_radius_auth.so debug
> auth    requisite            pam_deny.so
> auth    required            pam_permit.so
> 
> account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
> account sufficient                      pam_radius_auth.so
> account requisite                       pam_deny.so
> account required                        pam_permit.so
> 

TigerVNC currently only uses the auth section; account, session and
password are ignored.

Xvnc simply passes the username & password to PAM and waits for the
result. I have tested it successfully with, for example, the pam_krb5
module.

The problem is that some PAM modules react differently depending on
whether they are invoked by root or by a normal user.

The Debian pam_unix, e.g., lets normal users verify only their own
password and fails on any other user name. Other modules like pam_krb5
(also pam_ldap?) allow a normal user to verify the password of any user.

I would check whether your pam_radius_auth has any config/data files which
are only root-accessible. If that is the case, it will probably only
work if Xvnc runs as root [or otherwise gets access to these files].

Regards,
Martin Kögler

_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
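
The auth stack from the quoted /etc/pam.d/vnc, walked through in a simplified model. This is an added example, not part of the message and not TigerVNC or Linux-PAM code; the function names are hypothetical, each module's result is an input chosen by the caller, and only the success/default actions are modelled.

```python
import re
# Added example: only the auth lines are evaluated; module results are assumed inputs.
PAM_VNC = """\
auth    [success=2 default=ignore]    pam_unix.so nullok_secure
auth    sufficient                      pam_radius_auth.so debug
auth    requisite            pam_deny.so
auth    required            pam_permit.so
account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
"""
# Keyword controls reduced to their success/default actions.
KEYWORDS = {"required": {"success": "ok", "default": "bad"},
            "requisite": {"success": "ok", "default": "die"},
            "sufficient": {"success": "done", "default": "ignore"},
            "optional": {"success": "ok", "default": "ignore"}}
LINE = re.compile(r"auth\s+(?:\[(.*?)\]|(\w+))\s+(\S+)")

def auth_stack(text):
    """Return [(actions, module)] for the auth lines; other types are dropped."""
    stack = []
    for m in map(LINE.match, text.splitlines()):
        if m:
            actions = dict(kv.split("=") for kv in m[1].split()) if m[1] else KEYWORDS[m[2]]
            stack.append((actions, m[3]))
    return stack

def authenticate(stack, results):
    """results: module name -> True (success) or False (any failure)."""
    failed, granted, skip = False, False, 0
    for actions, module in stack:
        if skip:                      # module jumped over by [success=N]
            skip -= 1
            continue
        ok = results[module]
        action = actions["success"] if ok else actions.get("default", "bad")
        if action.isdigit():          # modelled as a pure skip, no verdict
            skip = int(action)
        elif action == "die":         # requisite failure ends the stack
            return False
        elif action == "bad":
            failed = True
        elif action in ("ok", "done") and not failed:
            granted = True
            if action == "done":      # sufficient success ends the stack
                return True
    return granted and not failed

def outcome(unix_ok, radius_ok):      # pam_deny always fails, pam_permit always succeeds
    return authenticate(auth_stack(PAM_VNC), {"pam_unix.so": unix_ok,
        "pam_radius_auth.so": radius_ok, "pam_deny.so": False, "pam_permit.so": True})
```

For a RADIUS-only user pam_unix fails, so the result depends entirely on pam_radius_auth: `outcome(False, False)` reaches pam_deny and is refused.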
