First a query if this is being worked on:
Is there a Kerberos Ticket Authentication module or method? I see that you can use a domain username password but would like to use Kerberos tickets for single sign on authentication.
If not:
A few questions/ideas about how to begin:
Should I use/modify a DSM Plugin?
Would I want to wrap/tunnel the connection and use a dummy(pre-configured normal password on client and server) password scheme
Having the tunneled connection use the kerberos ticket to authenticate.
I could possibly use PAM in linux to authenticate on the kerberos ticket.
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Kerberos Ticket Authentication
-
Rudi De Vos
- Admin & Developer
- Posts: 6978
- Joined: 2004-04-23 10:21
- Contact:
Re: Kerberos Ticket Authentication
being worked on: No
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Insite the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates wil still work and you can use any vnc flavor.
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Insite the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates wil still work and you can use any vnc flavor.
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
-
PenguinJeff
- Posts: 2
- Joined: 2014-04-30 15:10
Re: Kerberos Ticket Authentication
My thoughts where to grab the ssl tunnel plugin and add some code to it to use the kerberos ticket to authenticate.Rudi De Vos wrote:being worked on: No
To test, a seperate tunnel with auth and encryption ( why not adding socket encryption and compression) is the easiest.
vncviewer connect to tunnel <-->tunnel connect to server.
Inside the tunnel normal vnc auth.
This way you don't have to change a vnc bit...updates will still work and you can use any vnc flavor.
I was thinking the normal vnc auth that is sort of what I meant by dummy password scheme. The whole idea is a single sign on.
So I could just turn off passwords on VNC and require the tunnel. If I set it up correctly I could set the allowed kerberos tickets by changing the access permissions on a directory tied to my code.
Client side would start an ssl tunnel use the kerberos ticket to try and read a directory on the server side. If accepted open the vnc session.
Current Ideas in my head are thinking maybe a hidden share called something like vncpass$ set permissions on the share to only allow groups/users you want and my plugin could just use that to tell the client how to login. Hmm I might not need to do much at all. Maybe just share the place where the password is stored(the ultravnc config file) already with the permissions I want. I could have it randomize the password daily and only allowed users could read the config file with the passwords.