MS Logon as current user

Any feature you'd like to see in Ultr@VNC? Just propose it here.

MS Logon as current user

Postby yesod » 2004-07-19 19:29

I'd like to be able to logon as current user if the currently logged user is a member of the specified group in ms logon panel.
(no user/pass prompt)
yesod
 

Postby Marscha » 2004-07-20 07:58

I agree that this would be a great feature since it is the usage scenario I expect in most cases.
Unfortunately I think that this would require to change the VNC (authentication) protocol.
Besides that I have no idea how to implement this because Windows does not cache username and password from the Windows logon.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Postby yesod » 2004-07-20 12:33

You can get the currently logged user name with this function (in Delphi)

function GetMyNetUserName: string;
var
localName : array[0..255] of char;
userName : array[0..255] of char;
rc : Integer;
len : cardinal;
begin
FillChar(localname,sizeof(localName), #00 );
FillChar(userName, sizeof(userName), #00);
len := 255-1;
rc := WNetGetUser(localName,userName,len);
if ( rc <> 0 ) then
result := ''
else
result := strpas(userName);
end;


After that you can validate the username on active directory like you seem to do already
yesod
 

Postby Marscha » 2004-07-21 06:55

ok, username is no problem (you can even find it in the environment as USERNAME), but the password...
AFAIK the password is never ever stored somewhere, only something like a hash.
Maybe there is some way to authenticate with these stored credentials, but I don't know of it.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Postby Guest » 2004-08-13 13:39

Maybe you don't need the password for a domain user where the server and remote are in the same domain? You know that the user is already validated in the domain. Is it enough just to check that the domain user is a member of one of the access groups specified on the VNC sever?

This wouldn't work for local accounts or different domains, but would cover the most common admin situation. Does this make sense, or am I overlooking something?
Guest
 

Postby prandal » 2004-08-13 21:06

You could peek at Mozilla's Bug 231529 which seeks to do the same thing :-)
prandal
20
20
 
Posts: 36
Joined: 2004-06-08 15:24

Postby Rudi De Vos » 2004-08-13 21:28

Impersonation a user wil only work running as service
Running as application, you have a permission problem.
9.X/NT/W2K/XP handle the security different.
Possible, seperate code is needed for each OS.

Also, the server should pass the user name to the viewer.
"protocol change"
Without knowing the logged user, you don't have a clue for the password.

A simple thing can get a huge program :)
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5740
Joined: 2004-04-23 10:21


Return to Feature requests

Who is online

Users browsing this forum: No registered users and 2 guests

cron