I think I didn't explain myself well, what you explain here is the usual behaviour on which Xvnc is executed, what I'm trying to do is to connect to an existing vnc service (provided by qemu-kvm) and which doesn't ask for a password.
If you test the setup of xrdp you descrive here against my vnc service It asks me for the user and password and then displays on the connection log window: connecting to sesman ip 127.0.0.1 port 3350 sesman connect ok sending login info to sesman xrdp_mm_process_login_response: login successful for displa started connecting connecting to 127.0.0.1 5910 error - problem connecting For what I see I believe that it is trying to execute Xvnc and then connect to the port on which it would be listening (5910), if I specify the port that I'd like to connect to, so that no Xvnc is launched but instead a connection is opened to the existing vnc server the connection log doesn't show any sesman stuff and instead it directly starts with: started connecting connecting to 127.0.0.1 5900 tcp connected security level is 1 (1 = none, 2 = standard) sending share flag receiving server init receiving pixel format receiving name length receiving name sending pixel format sending encodings sending framebuffer update request sending cursor connection complete, connected ok And this happens either if you enter the right credentials or the wrong ones. What you see here is that no verification is done as the service to which one connects doesn't require authentication. What I'd like to do is make sessman ask for a certain user and verify it against the allowed groups/users even if the underlying vnc service doesn't require authentication. Is this possible with current code? if not... does it seem easy (for a newbie to rdp, vnc and xrdp) to implement? hints? Regards. 2010/8/31 Nicola Ruggero <nic...@nxnt.org>: > 2010/8/30 Santiago Garcia Mantinan <ma...@manty.net>: >> I'd like to know if there is a way to configure xrdp so that it >> authenticates a session and then connect to an spawned vnc >> passwordless kvm session. >> >> If I try to put the port here instead of the -1 default having it like this: >> > > Mmm I don't think you have to change xrdp.ini configuration, default > settings are enough. > > Here what te default settings do: > 1. user connects to xrdp > 2. xrdp authenticate the user using unix /etc/passwd > 3. xrdp open a new sesman session > 4. sesman run Xvnc using "-rfbauth > /home/<username>/.vnc/sesman_<username>_passwd" so no password is > required (is inside the file) > > In this way the only authentication you have is by xrdp against /etc/passwd. > > Here xrdp.ini: > > [globals] > bitmap_cache=yes > bitmap_compression=yes > port=3389 > crypt_level=low > channel_code=1 > > [xrdp1] > name=sesman-Xvnc > lib=libvnc.so > username=ask > password=ask > ip=127.0.0.1 > port=-1 > > Here sesman.ini: > > [Globals] > ListenAddress=127.0.0.1 > ListenPort=3350 > EnableUserWindowManager=1 > UserWindowManager=startwm.sh > DefaultWindowManager=startwm.sh > > [Security] > AllowRootLogin=0 > MaxLoginRetry=4 > TerminalServerUsers=tsusers > TerminalServerAdmins=tsadmins > > [Sessions] > X11DisplayOffset=10 > MaxSessions=120 > KillDisconnected=0 > IdleTimeLimit=0 > DisconnectedTimeLimit=0 > > [Logging] > LogFile=/var/log/xrdp-sesman.log > LogLevel=DEBUG > EnableSyslog=0 > SyslogLevel=DEBUG > > [X11rdp] > param1=-bs > param2=-ac > param3=-nolisten > param4=tcp > > [Xvnc] > param1=-bs > param2=-ac > param3=-nolisten > param4=tcp > > Vnc password filename is hard coded in file sesman/env.c, but you can > ovveride it using "AuthFilePath: <vnc_passwd_file>" entry in > [Globals]. > > See: > sesman/enc.c > sesman/config.c (function config_read_globals) > man Xvnc (-rfbauth section) > > -- > Nicola > -- Manty/BestiaTester -> http://manty.net ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ xrdp-devel mailing list xrdp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xrdp-devel
