On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote: > Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu: >> >> Here are the major tasks: >> >> 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am >> a little confused. There are supposedly many different ways with >> little changes to do this. [1] is one solution. LDAP is also a >> possibility. I need advice from someone who knows this field better >> than me :p >> >> 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess >> [2] will get this done. >> >> 3- How to ask freerdp to authenticate using the ticket received from >> TGT during LightDM Domain authentication? If I could somehow >> configure freerdp to use Kerberos Tickets then the user won't have to >> enter his Domain password again. >> >> 4- How to ask i3-wm to close the X-session when freeRDP quits? I read >> something a while ago about .xsession files to achieve this >> functionality, but can't find it now. >> > Hi Mike, > > You have some options here. I suggest you look into x2go and ltsp for > starters. > I don't suggest you use plain X over the network. > > With those 2 options you can have this kiosk mode you want, for the > users to only > be able to access windows. > > Regards, > Giancarlo Razzolini Thanks for the reply. The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires. Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would be give me a lot more to learn as compared to using a third party specialized software such as a kiosk script. Regards.
