First a query if this is being worked on:
Is there a Kerberos Ticket Authentication module or method? I see that you can use a domain username password but would like to use Kerberos tickets for single sign on authentication.
If not:
A few questions/ideas about how to begin:
Should I use/modify a DSM Plugin?
Would I want to wrap/tunnel the connection and use a dummy(pre-configured normal password on client and server) password scheme
Having the tunneled connection use the kerberos ticket to authenticate.
I could possibly use PAM in linux to authenticate on the kerberos ticket.
Kerberos Ticket Authentication
3 posts
• Page 1 of 1
Kerberos Ticket Authentication
by PenguinJeff » 2014-04-30 15:33
- PenguinJeff
- Posts: 2
- Joined: 2014-04-30 15:10
Re: Kerberos Ticket Authentication
by Rudi De Vos » 2014-04-30 19:30
being worked on: No
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Insite the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates wil still work and you can use any vnc flavor.
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Insite the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates wil still work and you can use any vnc flavor.
- Rudi De Vos
- Admin & Developer
- Posts: 5350
- Joined: 2004-04-23 10:21
Re: Kerberos Ticket Authentication
by PenguinJeff » 2014-05-01 16:12
Rudi De Vos wrote:being worked on: No
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Inside the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates will still work and you can use any vnc flavor.
My thoughts where to grab the ssl tunnel plugin and add some code to it to use the kerberos ticket to authenticate.
I was thinking the normal vnc auth that is sort of what I meant by dummy password scheme. The whole idea is a single sign on.
So I could just turn off passwords on VNC and require the tunnel. If I set it up correctly I could set the allowed kerberos tickets by changing the access permissions on a directory tied to my code.
Client side would start an ssl tunnel use the kerberos ticket to try and read a directory on the server side. If accepted open the vnc session.
Current Ideas in my head are thinking maybe a hidden share called something like vncpass$ set permissions on the share to only allow groups/users you want and my plugin could just use that to tell the client how to login. Hmm I might not need to do much at all. Maybe just share the place where the password is stored(the ultravnc config file) already with the permissions I want. I could have it randomize the password daily and only allowed users could read the config file with the passwords.
- PenguinJeff
- Posts: 2
- Joined: 2014-04-30 15:10
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest