
Version 16 (modified by Antoine Martin, 5 years ago) (diff)


Authentication


Introduction

The documentation here applies to version 0.11 and later. Older versions only support the "--password-file" authentication mode.

When using ssh to connect to a server, xpra's own encryption and authentication can be skipped, since ssh already provides both.

Xpra's authentication modules can be useful for:

  • securing TCP sockets
  • making the unix domain socket accessible to other users safely
  • using the Proxy Server mode

Modules

The authentication module used is specified using the --auth=MODULE switch. Starting with version 0.15, there is also a --tcp-auth=MODULE switch which allows a different authentication module to be used for TCP sockets.
Here are the modules that can be used:

  • allow: always allows the user to log in; the username used is the one supplied by the client - dangerous / only for testing
  • none: always allows the user to log in; the username used is the one the server is running as - dangerous / only for testing (requires version 0.12 or later)
  • fail: always fails authentication, no password required - useful for testing
  • reject: always fails authentication, pretends to ask for a password - useful for testing (requires version 0.12 or later)
  • file: looks up usernames and passwords in the password file (see below)
  • pam: Linux PAM authentication
  • win32: win32security authentication
  • sys: a virtual module which chooses between win32 and pam

Password File

When used without the Proxy Server, the password file can contain a simple password in plain text.
See proxy server file authentication for more advanced usage.

Security Considerations

  • the password is never sent in plain text over the wire; the authentication modes that require the password to be sent to the server unhashed (sys, i.e. pam and win32) will refuse to run without Encryption
  • when used over TCP sockets, password authentication is vulnerable to man-in-the-middle attacks, where an attacker intercepts the initial exchange and uses the stolen authentication challenge response to access the session; Encryption prevents that
  • the client does not verify the authenticity of the server; Encryption does
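Added example (not code from the xpra project): a Python model of the salted challenge/response that the security notes above describe, with the server holding the plain-text password from a file-style password file. The HMAC-SHA256 construction and the class and function names are assumptions made for this illustration, not xpra's actual wire format.

```python
import hashlib
import hmac
import os

# Constructed sample: contents of a plain-text password file as used by the "file" module.
PASSWORD_FILE_CONTENTS = "correct horse battery staple\n"


def client_response(password: str, salt: bytes) -> str:
    """Client side: prove knowledge of the password without sending it.
    HMAC-SHA256 keyed with the password is an assumption for this illustration,
    not xpra's actual wire format."""
    return hmac.new(password.encode("utf-8"), salt, hashlib.sha256).hexdigest()


class FileAuthenticator:
    """Server side of a file-based challenge/response (illustrative model)."""

    def __init__(self, password_file_contents: str):
        # The file holds the plain password, so the server can recompute the HMAC.
        self._password = password_file_contents.strip()
        self._pending_salt = None

    def challenge(self) -> bytes:
        # Fresh random salt per login attempt: a response is only valid for this salt.
        self._pending_salt = os.urandom(32)
        return self._pending_salt

    def verify(self, response: str) -> bool:
        salt, self._pending_salt = self._pending_salt, None  # each salt is single-use
        if salt is None:
            return False  # no outstanding challenge (or it was already consumed)
        expected = client_response(self._password, salt)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_scenarios() -> dict:
    """Returns the outcome of three login attempts against the same authenticator."""
    auth = FileAuthenticator(PASSWORD_FILE_CONTENTS)
    salt = auth.challenge()
    good = auth.verify(client_response("correct horse battery staple", salt))
    # The same response presented again: the salt was consumed, so it is rejected.
    reused = auth.verify(client_response("correct horse battery staple", salt))
    wrong = auth.verify(client_response("wrong password", auth.challenge()))
    return {"valid": good, "reused_response": reused, "wrong_password": wrong}
```

Nothing in this exchange authenticates the server or protects the messages in transit, which is why the considerations above require Encryption over TCP sockets.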