Hi John, Single Sign-On allows the VNC server to fully authenticate the connecting viewer without the viewer having to prompt the user to enter the username and password, provided that the viewer & server systems share a common authentication authority. Single Sign-On does not actually log the user on to the console of the remote system in current releases, however.
What you're trying to do is reasonable, I think, but isn't supported by current releases. Cheers, Wez @ RealVNC Ltd > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Morgan Salomon > Sent: 26 July 2007 14:53 > To: [email protected] > Subject: VNC +Certificate Authentication > > Hi there, > > I apologize if the answer to this question is staring me > right in the > face in some FAQ or so, but I haven't been able to find it. > > We have two Windows boxes connecting to each other in a test lab > (W2k3 server sp1 and Windows XP sp1.) Both are running evaluation > copies of RealVNC4 enterprise edition. > > I am trying to find out the following: > > 1) whether there is a possibility of authenticating to a VNC server > using an x.509 certificate (in our case from a smart card) > 2) whether it's possible to use certificate-based NT domain > credentials to log directly in through the GINA on the target system > (we cannot get this working for some reason; we selected > 'single sign- > on' in the VNC server configuration menu, but we still get the > server's login GINA window.) Does it matter whether this runs as a > Windows service or in user mode? > 3) whether there is provision, existing or planned, for forwarding a > local PCSC channel to a VNC server the way RDP does > > stunnel is not an option (we don't care about authenticating the > underlying connection, but the actual user interaction with either > the MS GINA or, failing that, the VNC server.) > > Basically we're trying to see if there's a way a user can > start a VNC > session to a Windows domain controller and authenticate himself to > Windows on the target system with a smart card/certificate > issued for > Windows domain login. > > Any help/tips appreciated; is what we're trying to do totally > off the > wall? > > Thanks, > > -John > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
