On 27.07.2018 at 19:46, Foxtrot Mike via arch-general wrote:
On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:
On July 27, 2018 14:07, Foxtrot Mike via arch-general wrote:
Here are the major tasks:
1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am
a little confused. There are supposedly many different ways with
little changes to do this. [1] is one solution. LDAP is also a
possibility. I need advice from someone who knows this field better
than me :p
2- How to ask i3-wm (my default wm) to run freerdp at login? I guess
[2] will get this done.
3- How to ask freerdp to authenticate using the ticket received from
TGT during LightDM Domain authentication? If I could somehow
configure freerdp to use Kerberos Tickets then the user won't have to
enter his Domain password again.
4- How to ask i3-wm to close the X-session when freeRDP quits? I read
something a while ago about .xsession files to achieve this
functionality, but can't find it now.
Hi Mike,
You have some options here. I suggest you look into x2go and ltsp for
starters.
I don't suggest you use plain X over the network.
With those 2 options you can have this kiosk mode you want, for the
users to only
be able to access Windows.
Regards,
Giancarlo Razzolini
Thanks for the reply.
The issue with x2go and ltsp is that I'll have to separately manage
username and passwords for local Linux login. The solution that I'd
rather prefer would use Active directory authentication so the current
system administrator won't have to do anything extra. The group policies
are already there. Once the Arch system is properly configured, I'd
disable local logins so there will be very limited chance for a user to
corrupt/modify Arch system. And ideally, the user would have no way to
interact with the local system. That's why I want to limit the user to
freeRDP. Anything else, and the X-session expires.
Plus, I am very much into embedded Linux systems (routers, SBCs, etc). I
think putting the various pieces together would give me a lot more to
learn as compared to using a third party specialized software such as a
kiosk script.
Regards.
The Arctica Project seems to be in the process of implementing exactly
what you want.
https://arctica-project.org/
https://github.com/ArcticaProject/remote-logon-service
Regards,
Andy