On 13-12-16 08:49, Mike Gabriel <mike.gabr...@das-netzwerkteam.de> wrote: > Hi Reinhard, > > On So 15 Dez 2013 01:13:35 CET, Reinhard Tartler wrote: > > >Package: x2goserver > >Severity: serious > > > >Hi, > > > >my understanding of the x2goadmin code [code], end of sub add_user, is > >that the code tries to write the sql password in users homes. This > >will fail for installations that have the user homes on NFS with the > >option "rootsquash" mounted. > > > >I set the severity to "serious" because I imagine that this is a > >rather common scenario. > > > >Also, this approach has another problem: Imagine you want to give > >access to the unix group "staff"? According to the documentation, you > >can use the options "--addgroup" and "--rmgroup" for this. What if a > >new employee joins the company later and wants to use x2go? In this > >case you need to call x2godbadmin for this new user again, which is > >suboptimal. > > > >Is there really no way to get around generated user passwords?
There is a way that could work: If configured correctly, postgresql can use GSSAPI (Kerberos) Authentication. That way, the user is authenticated using his login ticket cache which is created anyways. If necessary, one could also provide a keyfile for the cleanup-cronjob so that it can at least access the database with sufficient permissions. But I have never tried this with x2go and don't know if it would work. Ciao, Alexander Wuerstlein. _______________________________________________ X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
