Opened 19 months ago
Last modified 16 months ago
#2933 new enhancement
Running xpra in a pod/container
Reported by: | louis-mulder | Owned by: | louis-mulder |
---|---|---|---|
Priority: | major | Milestone: | 4.2 |
Component: | server | Version: | 3.0.x |
Keywords: | Cc: |
Description (last modified by )
Hi All,
I am running the xpra proxy server as a Kubernetes ingress server. Therefore I merged `pam_auth.py` and `exec_auth.py` into a new module `pamexec_auth.py` and placed it in the Xpra tree. The following is done by this module: first a normal validation with PAM, and when this is a successful login it starts a script to create or re-connect a running Xpra pod with a predefined session. The script must return a string with the following form
testuser2|NA|545400003|545400003|tcp:192.168.81.136:14500|||
like the SQLite module. The script needs some information from the client side (argv). In the `server_core` module there is a `def process_hello (XXXX)`; place before the line `capabilities = packet[1]` the line `global capabilities`. The module `pamexec` is then able to import capabilities and update the display with `tcp:<ip-addres>`.
In the upcoming days when I have some time I will upload scripts etc. to https://github.com/louis-mulder/Xpra-VDI-Netes
Kindly regards Louis
Change History (4)
comment:1 Changed 19 months ago by
Description: | modified (diff) |
---|---|
Owner: | changed from Antoine Martin to louis-mulder |
comment:2 Changed 18 months ago by
Milestone: | 4.1 → 4.2 |
---|
Thanks to some refactoring in r28061:
- the code is now cleaner: the server makes fewer assumptions about how the challenge and response are stored in the client capabilities
- the authentication modules can access the capabilities directly in:
def authenticate(self, caps : typedict) -> bool:
You should base your own module around this new interface. (probably too late for 4.1 though)
comment:4 Changed 16 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2933
Using `global` is a bad idea. Instead, the code should be modified to pass capabilities to the authentication module.
Please attach a patch or point to your changes when they are ready.
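An added example, not code from the ticket or from Xpra: a sketch of a PAM-then-script module built around the `authenticate(self, caps) -> bool` signature quoted in comment:2, which receives the capabilities as an argument instead of through a global and validates the script's session line before trusting it. Assumptions: the field names, the `CLIENT_KEY` capability key, the `PamExecAuthenticator` class, the injected `pam_check` callable, a plain dict standing in for `typedict`, and the policy of refusing uid/gid 0 are all hypothetical.

```python
import ipaddress
import subprocess

# Assumed names for the first five "|"-separated fields; later fields are ignored here.
FIELDS = ("username", "password", "uid", "gid", "display")
CLIENT_KEY = "example.client-address"  # hypothetical capability key, not a real Xpra one
SAMPLE = "testuser2|NA|545400003|545400003|tcp:192.168.81.136:14500|||"  # line from the ticket


def parse_session_line(line, expected_user):
    """Validate one line of script output; return a dict or raise ValueError."""
    parts = line.strip().split("|")
    if len(parts) < len(FIELDS):
        raise ValueError("too few fields")
    rec = dict(zip(FIELDS, parts))
    if rec["username"] != expected_user:
        raise ValueError("script answered for a different user")
    for key in ("uid", "gid"):
        if not (rec[key].isascii() and rec[key].isdigit()) or int(rec[key]) == 0:
            raise ValueError(f"{key} must be a non-zero integer")  # policy: never map to root
        rec[key] = int(rec[key])
    scheme, _, rest = rec["display"].partition(":")
    host, _, port = rest.rpartition(":")
    if scheme != "tcp" or not (port.isascii() and port.isdigit()):
        raise ValueError("display must look like tcp:<ip>:<port>")
    ipaddress.ip_address(host)  # ValueError unless host is a literal IP address
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    return rec


class PamExecAuthenticator:
    """Hypothetical module built around authenticate(self, caps) -> bool."""

    def __init__(self, username, command, pam_check):
        self.username, self.command, self.pam_check = username, command, pam_check
        self.session = None

    def authenticate(self, caps) -> bool:
        if not self.pam_check(self.username, caps):  # PAM step, injected as a callable
            return False
        # caps come from the client: pass values as separate argv items, never via a shell
        argv = [*self.command, self.username, str(caps.get(CLIENT_KEY, ""))]
        try:
            out = subprocess.run(argv, capture_output=True, text=True, timeout=20, check=True)
            self.session = parse_session_line(out.stdout.split("\n", 1)[0], self.username)
        except (OSError, subprocess.SubprocessError, ValueError):
            return False  # fail closed on any script or format error
        return True
```

On success the validated record is available as `session`; any script failure, timeout or malformed line makes `authenticate` return False.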