Transparent authentication

[NoFastidies]

Is it possible for UltraVNC to use MS logon transparently without asking username/password just like any other domain application does (IE, Firefox, WSH, ...)?

[X3]

just one topic below yours asking pretty much the same...

[topic=12169][/topic]

[NoFastidies]

just one topic below yours asking pretty much the same...

[topic=12169][/topic]

No, it is different. If you do not supply vnc password you won't be able to connect at all regardless of whatever you've choosen MS logon or not. This is what the link above is about.

Here I am asking if it is possible to setup transparent authentication for MS Logon when username and password are automatically negotiated without need to enter them explicitly. IIRC it is called domain SSPI.

[X3]

ask Redge...

Im having issues with both mslogon and mslogonII

I rather input passwords anywho...

[redge]

FAQ
[topic=8051][/topic]

[plastikat]

the subj is also called a 'single sign-on' and the developers say that it's not possible with 1.0.5 release (i've read it at some other part of this forum, sorry, haven't saved the link).

if someone is still intrested, i can share my solution to this subject, which is simplier than the one mentioned above (because it requires to 3d-party tools), but as a disadvantage it's a bit less secure...

the vncviewer executable (vncviewer.exe) has (among others) these command-line options:
[/user msuser] [/password clearpassword]

to launch vncviewer i use a prepared set of settings files (*.vnc), one for each workstation (this file type is assumed to be registered). so i've simply edited the command line used for 'open' action of this file type by adding the options, mentioned above, and supplying appropriate username and password - and, voila, i have 'almost transparent' authentication :) BUT! alas, as any other writing down of cleartext passwords, it's a security risk :(

to make it more secure i've edited the corresponding registry key's permisions with regedit (by removing inheritance and all entries but one administrative group, giving it 'full control' rights) - if you don't know how to do it, then you are not advised to do it (and - if security is your aim - shouldn't use this method at all)

also, if you launch vncviewer by itself, you may probably do pretty much the same by launching it with a batch file instead and securing this batch with the usual file permisions - but it's an assumption only - i have not tested it )

[yossik]

plastikat
could you give me a sample of the command line used to conect?

[plastikat]

yossik:

if using the method with file association (which i've mentioned in my post) then the corresponding registry entry should look like this:
[HKEY_CLASSES_ROOT\VncViewer.Config\shell\open\command]
(default)="C:\Program Files\UltraVNC\vncviewer.exe" -user YourUserName -password YourUserPassword -config "%1"

if using the regular command line:
vncviewer.exe -user YourUserName -password YourUserPassword YourHostName
(add any other options you need)
the regular command line method works, i've tested it;
one can write a simple batch file, which would contain YourUserName and YourUserPassword, and would accept YourHostName as a parameter.

[yossik]

i ran this command

"C:\Program Files\UltraVNC\vncviewer.exe" -user YourUserName -password YourUserPassword hostname

and it still prompted me for my user name and password

[ricka]

yossik: I've had problems with the authentication via command line if the Server version is below 1.0.2. Check that it isn't an old version.

I for one find this ridiculous. I can specify command line arguments, but the .vnc files can't save the username and passwords for domain authentication properly and send them across? And the posted "fix" for this is downloading 3rd party software to do the work for you???

Please consider adding support for domain authentication into the .vnc files (with password encryption) as I am not comfortable with leaving my password in plain text shortcut links, but I'm lazy enough that I don't like typing in a domain/username and password every time I want to connect to our many VMs running UltraVNC.

[yossik]

yossik: I've had problems with the authentication via command line if the Server version is below 1.0.2. Check that it isn't an old version.

I for one find this ridiculous. I can specify command line arguments, but the .vnc files can't save the username and passwords for domain authentication properly and send them across? And the posted "fix" for this is downloading 3rd party software to do the work for you???

Please consider adding support for domain authentication into the .vnc files (with password encryption) as I am not comfortable with leaving my password in plain text shortcut links, but I'm lazy enough that I don't like typing in a domain/username and password every time I want to connect to our many VMs running UltraVNC.

How could i find out what Server version I have?

[ricka]

When you are in the server (the host machine, the machine you are trying to connect to), the VNC logo should be running in the system tray (bottom right near the clock, the logo looks like an eye).

Right click that eye and go to the "About WinVNC option". The first line should tell you the version.

Alternatively, you can go to "Control Panel -> Add/Remove programs" and look for UltraVNC in the list, the version should be right beside it.

[yossik]

When you are in the server (the host machine, the machine you are trying to connect to), the VNC logo should be running in the system tray (bottom right near the clock, the logo looks like an eye).

Right click that eye and go to the "About WinVNC option". The first line should tell you the version.

Alternatively, you can go to "Control Panel -> Add/Remove programs" and look for UltraVNC in the list, the version should be right beside it.

Thanks