[EMAIL PROTECTED] wrote: > > Does anybody know if VNC will Authenticate with TACACS?
No, unless somebody's sneaked a contrib recently. I haven't seen it mentioned. > or will it autenticate with anything else? I think there's an NT domain authentication patch somewhere. As I said in a post back in February, PAM (pluggable authentication modules) is the way to go: > Implementing PAM would give us (instantly) LDAP, Kerberos, NIS[+], > RADIUS, TACACS+, Netware, s/key etc... or at least it would on > sane platforms. Is there a PAM implementation on win32? To which Mike Ossman replied with an insightful idea: > [no, there isn't a win PAM] > One way you can get PAM for a VNC connection today is by tunneling over > SSH and using OpenSSH's PAM authentication. I've played with this a > little bit. If you disallow unencrypted direct VNC connections and turn > off VNC authentication, then a properly configured client can use > whatever SSH authentication mechanism you want and then transparently > launch VNC without an additional password. See his post in the archives (15th Feb, subj: 'Re: LDAP compability' [sic]) for more details on this. For details on PAM, see... erm, a googlesearch on PAM & authentication, and pick the platform you're on. STOP PRESS! PAM for NT: http://www.citi.umich.edu/u/itoi/ (see NI_PAM). It's got modules for Kerberos 4, 5 and Netware 4. I've no idea how hard porting TACACS+, LDAP, RADIUS etc. modules would be to win32, but the hard work (the PAM framework) has already been done by Naomaru Itoi. -- Illtud Daniel [EMAIL PROTECTED] Uwch Ddadansoddwr Systemau Senior Systems Analyst Llyfrgell Genedlaethol Cymru National Library of Wales Yn siarad drosof fy hun, nid LlGC - Speaking personally, not for NLW --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
