On Fri, Dec 02, 2011 at 02:45:45PM +0000, Dan Garton wrote: > > I'm not aware of any transparent signon. TigerVNC only allows: > > * No authentification > > * Classic VNC authentification > > * Authentification with username/password (default authentification > > provider > > is the system authentification) > > > > It would be possible to extend SSecurityTLS/CSecurityTLS to send/verify > > client > > certificates and use this with X509None. This would result in a > > passwordless > > login solution based on certificates - but you would have to extend the > > code. > > > Ok, I must admit this has confused me a bit. > > Your email at > http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01013.html > suggested > to me that X509None *already* allows for a passwordless login based on > certificates, and you also listed the options used on both server and > client sides for this.
No. x509cert and x509key of the server are the crendentials, with which the server will prove its identity. x509ca + x509crl on the client are used to check the server identity. This is the same procedure, as any normal https website works. For passwordless logins, you need client certificates. The client needs a certificate and it's key and the server needs the ca + crl to verify it. gnutls has the support for this, but some glue code is missing. If you don't know the whole client certificates thing, I suggest to start reading the apache httpd mod_ssl documentation (especially SSLCACertificateFile). Regards, Martin ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
