Version 4 (modified by 7 years ago) (diff) | ,
---|
Authentication
The documentation here applies to version 0.11 and later. Older versions only support the "--password-file
" authentication.
When using ssh to connect to a server, wiki/Encryption and authentication can be skipped.
Xpra's authentication modules can be useful for:
- when using TCP sockets
- when making the unix domain socket accessible to other users
- when using the Proxy Server mode
Modules
The authentication module used is specified using the "--auth=MODULE
" switch.
Here are the modules that can be used:
- allow: always allows the user to login - dangerous / only for testing
- fail: always fails authentication - useful for testing
- file: looks up usernames and password in the password file (more on that below)
- pam: linux PAM authentication
- win32: win32security authentication
sys
is a virtual module which will choose win32 or pam
File Authentication
When using the "file_auth
" module, one must specify the extra command line argument "--password-file=FILENAME
" to point to the authentication data.
This file must contain one user per line using the format:
USERNAME|PASSWORD|UID|GID|SESSION_URI|ENV_VARS|SESSION_OPTIONS
Details:
SESSION_URI
is the usual xpra connection string of the actual target session, ie:tcp:HOST:PORT
orssh:HOST:DISPLAY
ENV_VARS
is an optional attribute which can contain ";" separated name-value pairs which will affect the environment of the new process spawned after authentication.SESSION_OPTIONS
is an optional attribute which can contain ";" separated name-value pairs which will override the client's connection settings and apply to the connection between the proxy and the real server only.
Note: for backwards compatibility, the file_auth
module also supports a single password on a single line in the password file. (this is deprecated)