I have kind of answered my own question. An option seems to be to run with
"-SecurityTypes=VNCAuth,TLSVnc"
This mandates a minimum of a secure authentication stage, and then the
client can be configured (but not forced) to encrypt the session traffic.
I don't think that the server is NOT forcing encryption on the session is
significant, as in reality all instances of user sessions will implement
encryption (this could even be "hard-configured" on the client side ie by
passing the param in the JNLP for the Java viewer).
Really my only remaining issue is how to implement password-less login ....
either with TLSVnc and doing some kind of "hidden" password passing with
the JNLP, or by using X509Vnc I guess .....
On 30 November 2011 16:45, Dan Garton <dan.gar...@gmail.com> wrote:
> I'm trying to run a TigerVNC server in my project with the following
> security:
>
> - encryption (to make session traffic hard to sniff)
> - authentication (preferably via transparent key exchange, but if
> necessary a password submission is possible)
>
> According to this email from Martin K back in February (
> http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01013.html
> )
> I have these options:
>
> - TLSVnc
> - X509Vnc
>
> I am currently using TLSVnc fine with the bundled Java viewer.
>
> However, for non-Java-capable platforms, I need to use a different client
> solution, and on a tip from Brian H I have landed on noVNC (
> https://github.com/kanaka/noVNC )
> (noVNC doesn't do SSL natively, but can use a WebSockets proxy
> (websockify) which I have deployed)
>
> But I can't get it to connect to TigerVNC server running with
> SecurityType=TLSVnc.
>
> The noVNC developer tells me that *"The problem is that your VNC server
> is only configured to allow VeNCrypt and noVNC only supports standard VNC
> auth (2)."*
> *
> *
> But surely TLSVnc _is_ standard authentication? (as in, VNCAuth +
> encryption ?)
>
> Any help appreciated in getting me through this confusion.
>
> Regards,
> Dan G
>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
