xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.

Changes between Version 1 and Version 2 of Authentication

11/07/13 04:45:19 (8 years ago)
Antoine Martin



  • Authentication

    v1 v2  
    11= Authentication =
     3The documentation here applies to version 0.11 and later. Older versions only support the "{{{--password-file}}}" authentication.
    35When using ssh to connect to a server, [/wiki/Encryption] and authentication can be skipped.
    810* when using the [/wiki/ProxyServer Proxy Server] mode
     12== Modules ==
     13The authentication module used is specified using the "{{{--auth=MODULE}}}" switch.
     15Here are the modules that can be used:
     16* [/browser/xpra/trunk/src/xpra/server/auth/allow_auth.py allow]: always allows the user to login - dangerous / only for testing
     17* [/browser/xpra/trunk/src/xpra/server/auth/fail_auth.py fail]: always fails authentication - useful for testing
     18* [/browser/xpra/trunk/src/xpra/server/auth/file_auth.py file]: looks up usernames and password in the password file (more on that below)
     19* [/browser/xpra/trunk/src/xpra/server/auth/pam.py pam]: linux PAM authentication
     20* [/browser/xpra/trunk/src/xpra/server/auth/win32_auth.py win32]: win32security authentication
     21* {{{sys}}} is a virtual module which will choose win32 or pam
     23== File Authentication ==
     25When using the "{{{file_auth}}}" module, one must specify the extra command line argument "{{{--password-file=FILENAME}}}" to point to the authentication data.
     27This file must contain one user per line using the format:
     32* {{{SESSION_URI}}} is the usual xpra connection string, ie:
     40* {{{ENV_VARS}}} is an optional attribute which can contain ";" separated name-value pairs which will affect the environment of the new process spawned after authentication.
     41* {{{SESSION_OPTIONS}}} is an optional attribute which can contain ";" separated name-value pairs which will override the client's connection settings and apply to the connection between the proxy and the real server only.
     44Note: for backwards compatibility, the {{{file_auth}}} module also supports a single password on a single line in the password file. (this is deprecated)