Here is my situation: My current users login to the :0 display using a different remote desktop product. They are presented with the GDM login when they open a session.
When they login (authenticated using Kerberos) they are given a Kerberos ticket, which allows them to SSH to other machines in our environment without a password. I am creating a VNC launcher, (the "vncserver" command is run for the user when they click "launch" for a machine in a list) When using VNC "Plain" authentication, they can authenticate via Kerberos, but they aren't given a ticket (I presume it is because Xserver/VNC doesn't create a session). I can get around this by connecting via an SSH tunnel, when I do that, the SSH session creates the Kerberos ticket. Problem solved, almost. If I use an SSH tunnel and "Plain", they are prompted for their username/password to SSH into the machine, and then again for the "Plain" authentication. I want to be able to use an SSH tunnel + "None" authentication, and limit the users that can connect to the session to only the user that owns the "Xvnc" process. Is there any way to do this? enable-user-acl is only respected if you use "Password" or "Plain" authentication.
------------------------------------------------------------------------------
_______________________________________________ TurboVNC-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/turbovnc-users
