On 07/23/2010 04:24 PM, DRC wrote: > On 7/23/10 3:40 AM, Martin Koegler wrote: >> On Thu, Jul 22, 2010 at 04:02:52PM -0500, DRC wrote: >>> This makes the use of extended authentication types somewhat useless >>> from the point of view of a SysAdmin, though. If there is not a way for >>> them to enforce, or at least strongly encourage, the use of secure >>> authentication on a system-wide level, then any user can choose to use >>> VncAuth or VncNone. >> A SysAdmin can't prevent a user from doing this. For normal (shell) user >> processes, he can only suggest defaults. >> >> If a sysadmin wants to control VNC use, has to: >> * Install a firewall on the server preventing inbound connection >> * Start vnc on some ports under a system user (eg. via inetd) >> >> Even in that case, the user can still start his own Xvnc server, but >> he needs to tunnel remote access. > You're missing my point. What I'm trying to do is implement a mechanism > whereby the SysAdmin can set global defaults for all TigerVNC server > sessions on the system. Yes, there are always ways to hack around this, > but the idea is to make it difficult enough to hack around that most > users won't bother. If a SysAdmin prefers that the insecure security > types, such as VncAuth, not be exposed by default, then they should be > able to at least make it difficult for a user to use those types. I think the point was understood, but we are discussing the value of having a "security" feature which is trivial to bypass and makes the use of the command line options less intuitive. Personally I do not like this type of "features"..
Antoine ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://ad.doubleclick.net/clk;226879339;13503038;l? http://clk.atdmt.com/CRS/go/247765532/direct/01/ _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
