First a query if this is being worked on:
Is there a Kerberos Ticket Authentication module or method? I see that you can use a domain username password but would like to use Kerberos tickets for single sign on authentication.
If not:
A few questions/ideas about how to begin:
Should I use/modify a DSM Plugin?
Would I want to wrap/tunnel the connection and use a dummy(pre-configured normal password on client and server) password scheme
Having the tunneled connection use the kerberos ticket to authenticate.
I could possibly use PAM in linux to authenticate on the kerberos ticket.
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Kerberos Ticket Authentication
-
Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: Kerberos Ticket Authentication
being worked on: No
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Insite the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates wil still work and you can use any vnc flavor.
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Insite the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates wil still work and you can use any vnc flavor.
-
PenguinJeff
- Posts: 2
- Joined: 2014-04-30 15:10
Re: Kerberos Ticket Authentication
My thoughts where to grab the ssl tunnel plugin and add some code to it to use the kerberos ticket to authenticate.Rudi De Vos wrote:being worked on: No
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Inside the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates will still work and you can use any vnc flavor.
I was thinking the normal vnc auth that is sort of what I meant by dummy password scheme. The whole idea is a single sign on.
So I could just turn off passwords on VNC and require the tunnel. If I set it up correctly I could set the allowed kerberos tickets by changing the access permissions on a directory tied to my code.
Client side would start an ssl tunnel use the kerberos ticket to try and read a directory on the server side. If accepted open the vnc session.
Current Ideas in my head are thinking maybe a hidden share called something like vncpass$ set permissions on the share to only allow groups/users you want and my plugin could just use that to tell the client how to login. Hmm I might not need to do much at all. Maybe just share the place where the password is stored(the ultravnc config file) already with the permissions I want. I could have it randomize the password daily and only allowed users could read the config file with the passwords.