Hello Blake, On Wed, Jan 02, 2002 at 03:10:56PM -0700, Blake Barnett wrote: > We are looking at integrating VNC into our system. We currently utilize > PAM for our authentication wherever possible. Does anyone know of a > modified version of VNC or any other possibility of integrating VNC with > PAM? To "PAM-ify" VNC would require modifying both the clients and the > server, this does not seem like a viable solution for us. > Note that we store all our users in an LDAP directory (NDS) and if VNC > were LDAP-enabled that may solve the problem as well... > Currently VNC supports only a challenge/auth system which does not send > the username & password. A more complete description is on the VNC > project page. > Anyone have any ideas or suggestions as to how we could pull this off? I think it would be interesting if VNC were enabled with support for SASL. Unlike PAM, SASL is explicitly a network-oriented (client/server) API, and supports other authentication mechanisms similar to VNC's existing authentication scheme, where challenge-response is used to avoid sending passwords across the network. SASL also supports plaintext/unix/pam authentication as an option, so SASLizing of VNC would also solve that need, while still letting other people use, say, Kerberos authentication. HTH, Steve Langasek postmodern programmer
Attachment:
pgp00026.pgp
Description: PGP signature
