xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Changes between Version 1 and Version 2 of Authentication


Ignore:
Timestamp:
11/07/13 04:45:19 (8 years ago)
Author:
Antoine Martin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Authentication

    v1 v2  
    11= Authentication =
     2
     3The documentation here applies to version 0.11 and later. Older versions only support the "{{{--password-file}}}" authentication.
    24
    35When using ssh to connect to a server, [/wiki/Encryption] and authentication can be skipped.
     
    810* when using the [/wiki/ProxyServer Proxy Server] mode
    911
     12== Modules ==
     13The authentication module used is specified using the "{{{--auth=MODULE}}}" switch.
     14[[BR]]
     15Here are the modules that can be used:
     16* [/browser/xpra/trunk/src/xpra/server/auth/allow_auth.py allow]: always allows the user to login - dangerous / only for testing
     17* [/browser/xpra/trunk/src/xpra/server/auth/fail_auth.py fail]: always fails authentication - useful for testing
     18* [/browser/xpra/trunk/src/xpra/server/auth/file_auth.py file]: looks up usernames and password in the password file (more on that below)
     19* [/browser/xpra/trunk/src/xpra/server/auth/pam.py pam]: linux PAM authentication
     20* [/browser/xpra/trunk/src/xpra/server/auth/win32_auth.py win32]: win32security authentication
     21* {{{sys}}} is a virtual module which will choose win32 or pam
     22
     23== File Authentication ==
     24
     25When using the "{{{file_auth}}}" module, one must specify the extra command line argument "{{{--password-file=FILENAME}}}" to point to the authentication data.
     26
     27This file must contain one user per line using the format:
     28{{{
     29USERNAME|PASSWORD|UID|GID|SESSION_URI|ENV_VARS|SESSION_OPTIONS
     30}}}
     31Details:
     32* {{{SESSION_URI}}} is the usual xpra connection string, ie:
     33{{{
     34tcp:HOST:PORT
     35}}}
     36or
     37{{{
     38ssh:HOST:DISPLAY
     39}}}
     40* {{{ENV_VARS}}} is an optional attribute which can contain ";" separated name-value pairs which will affect the environment of the new process spawned after authentication.
     41* {{{SESSION_OPTIONS}}} is an optional attribute which can contain ";" separated name-value pairs which will override the client's connection settings and apply to the connection between the proxy and the real server only.
     42
     43
     44Note: for backwards compatibility, the {{{file_auth}}} module also supports a single password on a single line in the password file. (this is deprecated)
     45
     46
     47