xpra icon
Bug tracker and wiki

Changes between Version 37 and Version 38 of ProxyServer


Ignore:
Timestamp:
05/08/18 18:08:21 (2 weeks ago)
Author:
Antoine Martin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ProxyServer

    v37 v38  
    159159* you can specify more than one remote session string for each username and password pair using CSV format - but the client will then have to specify which one it wants on the connection URL
    160160}}}
     161
     162
     163{{{#!div class="box"
     164== Username Matters ==
     165
     166The proxy server can also be used to expose all local sessions dynamically.
     167This is what the [/wiki/Service] (aka "system wide proxy server") does.
     168
     169In this case, the username, uid and gid are used to locate all the sessions for the user once it has authenticated, in the same way that a user can list sessions by running {{{xpra list}}}.
     170This type of proxy server usually runs as root to be able to access the sessions for multiple users.
     171
     172This mode of operation cannot be used with the {{{sqlite}}} or {{{multifile}}} authentication modules since those modules specify the list of sessions explicitly.
     173
     174For some authentication modules the uid and gid can be derived from the username automatically using the password database (ie: {{{pam}}}, others allow for it to be specified as a module option (ie: {{{--tcp-auth=ldap,uid=xpraproxy,gid=xpraproxy}}}) which makes it possible for non-local accounts to execute the proxy process instance as a non-root user.
     175The default value of "nobody" uid and "nobody" gid may or may not have sufficient privileges for executing a proxy process instance.
     176
     177You should not use the {{{file}}}, {{{env}}} or {{{exec}}} authentication modules, as those would allow access to all usernames with the same password value.
     178}}}