Running xpra in a pod/container

[louis-mulder]

Hi All,

I am running the xpra proxy server as an Kubernetes ingress server. Therefor I merged the pam_auth.py and exec_auth.py to a new module pamexec_auth.py and placed it in the Xpra tree. The following is done by this module first a normal validation with PAM and when this is a successful login it starts a script to create or re-connect a running Xpra pod with a predefined session. The script must return a string with the following form

testuser2|NA|545400003|545400003|tcp:192.168.81.136:14500|||

like the SQlite module. The script needs some information from the client side. (argv) In the server_core module there is a def process_hello (XXXX) place before the line capabilities = packet[1] the line global capabilities. The module pamexec is then able to import capabilities and update the display with tcp:<ip-addres>.
In the upcoming days when I have some time I will upload scripts etc. to ​https://github.com/louis-mulder/Xpra-VDI-Netes

Kindly regards Louis

[Antoine Martin]

global capabilities

Using global is a bad idea.
Instead, the code should be modified to pass capabilities to the authentication module.

Please attach a patch or point to your changes when they are ready.

[Antoine Martin]

Thanks to some refactoring in r28061:

• the code is now cleaner: the server makes fewer assumptions about how the challenge and response are stored in the client capabilities
• the authentication modules can access the capabilities directly in:

  def authenticate(self, caps : typedict) -> bool:
  

You should base your own module around this new interface. (probably too late for 4.1 though)