xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.

Opened 5 years ago

Last modified 9 months ago

#1480 closed defect

Proxy with --auth=allow does not work — at Version 1

Reported by: Denis01 Owned by: Denis01
Priority: major Milestone: 2.1
Component: server Version: trunk
Keywords: Cc:

Description (last modified by Antoine Martin)

Proxy connection
Using HTML client and code (below) to connect thru Proxy

$ cat > multifile.txt <<EOF 
$ xpra start --start-child=/bin/gnome-calculator --bind-tcp= :100 -d auth 
$ xpra proxy :13 --bind-tcp=  --tcp-auth=multifile:filename=multifile.txt -d auth


  • multifile.txt
  • ./multifile.txt
  • /multifile.txt

and all the time "Error: password file is missing"
Thank you

Change History (1)

comment:1 Changed 5 years ago by Antoine Martin

Component: androidserver
Description: modified (diff)
Milestone: 2.1
Owner: changed from Antoine Martin to Denis01

I believe that you're being bitten by the same issue as ticket:1264#comment:7 : you have to use absolute paths for filenames when the server daemonizes. r15488 now allows relative file paths.
(please always specify what version you are running)

Relevant excerpts from the proxy's "-d auth" log output should look like this:

init_auth(..) auth class=None, tcp auth class=('multifile', <class 'xpra.server.auth.multifile_auth.Authenticator'>, {'filename': 'multifile.txt'}), ssl auth class=('multifile', <class 'xpra.server.auth.multifile_auth.Authenticator'>, {'filename': 'multifile.txt'}), vsock auth class=None
Authentication required by multi password file authenticator module
 sending challenge for username 'ubuntu1' using hmac+sha512 digest
processing authentication with multi password file, response=f919cd5..., client_salt=646261..., challenge_sent=True, digest_modes=['hmac', 'xor', 'hmac+whirlpool', 'hmac+sha512', 'hmac+sha384', 'hmac+sha256', 'hmac+sha224', 'hmac+sha1', 'hmac+sha', 'hmac+ripemd160', 'hmac+md5', 'hmac+md4', 'hmac+ecdsa-with-SHA1', 'hmac+dsaWithSHA', 'hmac+dsaEncryption', 'hmac+SHA512', 'hmac+SHA384', 'hmac+SHA256', 'hmac+SHA224', 'hmac+SHA1', 'hmac+SHA', 'hmac+RIPEMD160', 'hmac+MD5', 'hmac+MD4', 'hmac+DSA-SHA', 'hmac+DSA']
authenticate_hmac(f919cd57..., dba8c52b7...)
loaded 94 bytes from 'multifile.txt'
authenticate: auth-info(ubuntu1)=('secretpassword1', 1000, 1000, [':100'], {}, {})
multifile authenticate_hmac(f919cd..) password='secretpassword1', hex(salt)=0601560e560.., hash=f919cd57...
authentication challenge passed

@Denis01: please close if that works for you.
Please also edit the title: AFAIK, this has nothing to do with auth=allow.

Last edited 5 years ago by Antoine Martin (previous) (diff)
Note: See TracTickets for help on using tickets.