* ["Adam J. Bradley"]
> I've been searching for an implementation of VNC which uses either PAM
> or Kerberos as its authentication method in order to provide single
> sign-on to Xvnc server sessions.

I've been toying with the idea of using ssh as the authentication method for VNC on Unix. This would work something like this:

First login:

1. VNCviewer popen()s an ssh process to log in to the server
2. on the server, a program vnc-preauth-server is run with the same arguments as you would run "vncserver".
3. Xvnc is started, it chooses the first unused X11-port (say :3), and opens a socket in ~/.vnc/socket. This file does the job normally done by TCP port 59XX.
4. vnc-preauth-server starts talking to ~/.vnc/socket

Second login:

1. VNCviewer popen()s an ssh process to log in to the server
2. on the server, vnc-preauth-server is run.
3. vnc-preauth-server notices that there is an active socket in ~/.vnc/socket and starts talking to that.

Nice things about this scheme:

* Everything is encrypted through SSH
* Client configured persistent sessions
* No need to assign specific ports to specific users
* Did I already mention security and persistent sessions?

I need my session to be persistent, as I use VNC as kind of a graphical screen(1), having the same desktop available everywhere.

I also think that this scheme would enable a bigger degree of configuration from the VNC client (think selecting your screen resolution or killing your old session from the graphical Windows client).

Well, the idea is now out there. If anyone wants to pick up on it, great! If not, I'll just keep on using the good old ssh port forwarding trick..

Xystein
--
If it ain't broke, don't break it.
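
The check implied by step 3 of the second login ("notices that there is an active socket"), written out as an added example that is not part of the original post or of any VNC distribution. The function names, the ownership and permission checks, and the stale-socket cleanup are assumptions added for illustration; vnc-preauth-server itself is the poster's hypothetical program.

```python
import os
import socket
import stat

def socket_state(path):
    """Classify the per-user socket as 'absent', 'unsafe', 'stale' or 'active'."""
    try:
        dir_st = os.stat(os.path.dirname(path))
    except FileNotFoundError:
        return "absent"
    # Assumption: only trust a directory we own that no one else can write to,
    # otherwise another local user could plant a socket and capture the session.
    if dir_st.st_uid != os.getuid() or dir_st.st_mode & 0o022:
        return "unsafe"
    try:
        sock_st = os.lstat(path)  # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(sock_st.st_mode) or sock_st.st_uid != os.getuid():
        return "unsafe"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.connect(path)  # succeeds only if a server is still listening
        return "active"
    except (ConnectionRefusedError, FileNotFoundError):
        return "stale"  # socket file left behind by a dead server
    finally:
        probe.close()

def preauth_decision(path):
    """Return 'attach' (second login), 'start' (first login) or 'refuse'."""
    state = socket_state(path)
    if state == "active":
        return "attach"
    if state == "unsafe":
        return "refuse"
    if state == "stale":
        os.unlink(path)  # clear the dead socket so a new server can bind
    return "start"

if __name__ == "__main__":
    # Path taken from the post; everything else here is hypothetical.
    print(preauth_decision(os.path.expanduser("~/.vnc/socket")))
```

A real relay would keep the probing connection and use it for the session instead of closing it and connecting a second time.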
