On 11/03/2020 21:11, Michael Cronenworth wrote: > On 3/10/20 11:05 PM, Antoine Martin wrote: >> The xpra proxy can do pretty much the same thing. ie as root: >> xpra proxy --bind-tcp=0.0.0.0:10000 --tcp-auth=sys >> >> Then you can authenticate as individual unix users on that proxy and >> request a new sessions. > > Thanks! This is what I was looking for. It's working but with a caveat. > > When I try to use '--tcp-auth=sys' I cannot login. Xpra outputs: > > Error: PAM authentication check failed: > No module named 'xpra.server.pam' That's odd, the module is present with a default 64-bit CentOS 7 installation of python2-xpra-server-3.0.6-0.r25195: ls -la /usr/lib64/python2.7/site-packages/xpra/server/pam.so
You can test that it imports successfully with: python -c "from xpra.server import pam" Maybe one of the libraries pam needs is not installed? ie: yum install pam Otherwise you'll have to figure out what is missing with: ldd /usr/lib64/python2.7/site-packages/xpra/server/pam.so > I'm using Xpra 3.0.6 on RHEL 7. When I use 'tcp-auth=allow' it works, > but obviously I need pam instead. Yes, if your users all have system accounts then it's easier. Otherwise, you can try another backend (ie: sqlite) FYI: you can run your server with "-d auth" to get more authentication debugging output. Cheers, Antoine > > Am I missing something else? > > Thanks, > Michael _______________________________________________ shifter-users mailing list [email protected] https://lists.devloop.org.uk/mailman/listinfo/shifter-users
