Transparent authentication

Should you have problems with the MS logon plugin, here's the place to look for help or report issues.

Transparent authentication

Postby NoFastidies » 2008-02-26 13:08

Is it possible for UltraVNC to use MS logon transparently without asking username/password just like any other domain application does (IE, Firefox, WSH, ...)?
NoFastidies
20
20
 
Posts: 39
Joined: 2007-02-02 10:47
Location: Everywhere (sometimes in more than one place)

Re: Transparent authentication

Postby X3 » 2008-02-26 13:18

just one topic below yours asking pretty much the same...

RFE: MS Logon II without password set
Regards

Image
X3
100
100
 
Posts: 282
Joined: 2007-12-11 08:50
Location: 51.30 N 0.10 W

Re: Transparent authentication

Postby NoFastidies » 2008-02-26 13:27

X3 wrote:just one topic below yours asking pretty much the same...

RFE: MS Logon II without password set


No, it is different. If you do not supply vnc password you won't be able to connect at all regardless of whatever you've choosen MS logon or not. This is what the link above is about.

Here I am asking if it is possible to setup transparent authentication for MS Logon when username and password are automatically negotiated without need to enter them explicitly. IIRC it is called domain SSPI.
NoFastidies
20
20
 
Posts: 39
Joined: 2007-02-02 10:47
Location: Everywhere (sometimes in more than one place)

Re: Transparent authentication

Postby X3 » 2008-02-26 13:44

ask Redge... ;)

Im having issues with both mslogon and mslogonII

I rather input passwords anywho...
Last edited by X3 on 2008-02-26 13:45, edited 1 time in total.
Regards

Image
X3
100
100
 
Posts: 282
Joined: 2007-12-11 08:50
Location: 51.30 N 0.10 W

Re: Transparent authentication

Postby redge » 2008-05-12 22:47

UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Transparent authentication

Postby plastikat » 2008-11-19 16:02

the subj is also called a 'single sign-on' and the developers say that it's not possible with 1.0.5 release (i've read it at some other part of this forum, sorry, haven't saved the link).

if someone is still intrested, i can share my solution to this subject, which is simplier than the one mentioned above (because it requires to 3d-party tools), but as a disadvantage it's a bit less secure...

the vncviewer executable (vncviewer.exe) has (among others) these command-line options:
[/user msuser] [/password clearpassword]

to launch vncviewer i use a prepared set of settings files (*.vnc), one for each workstation (this file type is assumed to be registered). so i've simply edited the command line used for 'open' action of this file type by adding the options, mentioned above, and supplying appropriate username and password - and, voila, i have 'almost transparent' authentication :) BUT! alas, as any other writing down of cleartext passwords, it's a security risk :(

to make it more secure i've edited the corresponding registry key's permisions with regedit (by removing inheritance and all entries but one administrative group, giving it 'full control' rights) - if you don't know how to do it, then you are not advised to do it (and - if security is your aim - shouldn't use this method at all)

also, if you launch vncviewer by itself, you may probably do pretty much the same by launching it with a batch file instead and securing this batch with the usual file permisions - but it's an assumption only - i have not tested it )
plastikat
 
Posts: 5
Joined: 2008-11-19 15:00
Location: Russian Federation

Re: Transparent authentication

Postby yossik » 2009-03-31 18:53

plastikat
could you give me a sample of the command line used to conect?
yossik
 
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Postby plastikat » 2009-08-04 08:13

yossik:

if using the method with file association (which i've mentioned in my post) then the corresponding registry entry should look like this:
[HKEY_CLASSES_ROOT\VncViewer.Config\shell\open\command]
(default)="C:\Program Files\UltraVNC\vncviewer.exe" -user YourUserName -password YourUserPassword -config "%1"

if using the regular command line:
vncviewer.exe -user YourUserName -password YourUserPassword YourHostName
(add any other options you need)
the regular command line method works, i've tested it;
one can write a simple batch file, which would contain YourUserName and YourUserPassword, and would accept YourHostName as a parameter.
Last edited by plastikat on 2009-08-04 08:17, edited 1 time in total.
plastikat
 
Posts: 5
Joined: 2008-11-19 15:00
Location: Russian Federation

Re: Transparent authentication

Postby yossik » 2009-08-04 15:48

i ran this command

"C:\Program Files\UltraVNC\vncviewer.exe" -user YourUserName -password YourUserPassword hostname

and it still prompted me for my user name and password
yossik
 
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Postby ricka » 2009-10-20 17:00

yossik: I've had problems with the authentication via command line if the Server version is below 1.0.2. Check that it isn't an old version.

I for one find this ridiculous. I can specify command line arguments, but the .vnc files can't save the username and passwords for domain authentication properly and send them across? And the posted "fix" for this is downloading 3rd party software to do the work for you???

Please consider adding support for domain authentication into the .vnc files (with password encryption) as I am not comfortable with leaving my password in plain text shortcut links, but I'm lazy enough that I don't like typing in a domain/username and password every time I want to connect to our many VMs running UltraVNC.
ricka
 
Posts: 4
Joined: 2006-06-16 15:37

Re: Transparent authentication

Postby yossik » 2009-10-20 17:18

ricka wrote:yossik: I've had problems with the authentication via command line if the Server version is below 1.0.2. Check that it isn't an old version.

I for one find this ridiculous. I can specify command line arguments, but the .vnc files can't save the username and passwords for domain authentication properly and send them across? And the posted "fix" for this is downloading 3rd party software to do the work for you???

Please consider adding support for domain authentication into the .vnc files (with password encryption) as I am not comfortable with leaving my password in plain text shortcut links, but I'm lazy enough that I don't like typing in a domain/username and password every time I want to connect to our many VMs running UltraVNC.


How could i find out what Server version I have?
yossik
 
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Postby ricka » 2009-10-20 18:01

When you are in the server (the host machine, the machine you are trying to connect to), the VNC logo should be running in the system tray (bottom right near the clock, the logo looks like an eye).

Right click that eye and go to the "About WinVNC option". The first line should tell you the version.

Alternatively, you can go to "Control Panel -> Add/Remove programs" and look for UltraVNC in the list, the version should be right beside it.
ricka
 
Posts: 4
Joined: 2006-06-16 15:37

Re: Transparent authentication

Postby yossik » 2009-10-20 18:15

ricka wrote:When you are in the server (the host machine, the machine you are trying to connect to), the VNC logo should be running in the system tray (bottom right near the clock, the logo looks like an eye).

Right click that eye and go to the "About WinVNC option". The first line should tell you the version.

Alternatively, you can go to "Control Panel -> Add/Remove programs" and look for UltraVNC in the list, the version should be right beside it.


Thanks
yossik
 
Posts: 4
Joined: 2009-03-31 18:48


Return to MS logon plugin

Who is online

Users browsing this forum: No registered users and 1 guest