On Sun, 2004-07-18 at 13:38, Oystein Viggen wrote: > * ["Adam J. Bradley"] > > > I've been searching for an implementation of VNC which uses either PAM > > or Kerberos as its authentication method in order to provide single > > sign-on to Xvnc server sessions. > > I've been toying with the idea of using ssh as the authentication > method for VNC on Unix. This would work something like this: > > First login: > 1. VNCviewer popen()s and ssh process to log in to the server > 2. on the server, a program vnc-preauth-server is run with the same > arguments as you would run "vncserver". > 3. Xvnc is started, it chooses the first unused X11-port (say :3), and > opens a socket in ~/.vnc/socket. This file does the job normally done > by TCP port 59XX. > 4. vnc-preauth-server starts talking to ~/.vnc/socket > > Second login: > 1. VNCviewer popen()s and ssh process to log in to the server > 2. on the server, vnc-preauth-server is run. > 3. vnc-preauth-server notices that there is an active socket in > ~/.vnc/socket and starts talking to that. > > Nice things about this scheme: > * Everything is encrypted through SSH > * Client configured persistent sessions > * No need to assign specific ports to specific users > * Did I already mention security and persistent sessions? > > I need my session to be persistent, as I use VNC as kind of a graphical > screen(1), having the same desktop available everywhere. I also think > that this scheme would enable a bigger degree of configuration from the > VNC client (think selecting your screen resolution or killing your old > session from the graphical Windows client). >
You can have persistence and Inetd config but then you need more ports to connect to.... I discovered this recently... Jerry > Well, the idea is now out there. If anyone wants to pick up on it, > great! If not, I'll just keep on using the good old ssh port forwarding > trick.. > > Xystein _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
