On 7/21/10 3:16 AM, Adam Tkac wrote: > This is a valid argument but I would like to see feedback from other > TigerVNC developers to decide which types should be enabled by > default. I will open a separate thread for this.
I am joining into this discussion late, so I don't think I fully understand how the system currently works, but IMHO, the way it should work is as follows: -- A set of "allowed" security types can be configured for the VNC server. It should be possible for a SysAdmin to specify this in a central config file, which will take precedence over command line options or per-user config files (thus, if a SysAdmin decides, for instance, to disable the use of VncAuth, the user can't override this decision.) -- The first entry in the set of allowed security types becomes the default security type for the viewer, but the viewer can override this and use any of the other allowed security types. -- The default set of allowed security types for the server is the set of all security types that TigerVNC supports, with VncAuth being the first entry and VncNone being the last. Thus, any viewers that do not override the default will revert to using the legacy VNC password authentication. However, the SysAdmin can change the set of allowed security types on the server side to force all viewers to use something more secure than VncAuth. If I understand correctly, then using the -securityTypes argument to vncserver and vncviewer addresses most of this, but correct me if I'm wrong. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel