Changes between Version 6 and Version 7 of Authentication
- Timestamp: 11/07/13 05:03:56 (7 years ago)
Authentication
v6 v7 3 3 {{{#!div class="box" 4 4 == Introduction == 5 The documentation here applies to version 0.11 and later. Older versions only support the "{{{--password-file}}}" authentication .5 The documentation here applies to version 0.11 and later. Older versions only support the "{{{--password-file}}}" authentication mode. 6 6 7 7 When using ssh to connect to a server, [/wiki/Encryption] and authentication can be skipped. 8 8 9 9 Xpra's authentication modules can be useful for: 10 * when using TCP sockets11 * when making the unix domain socket accessible to other users12 * whenusing the [/wiki/ProxyServer Proxy Server] mode10 * securing TCP sockets 11 * making the unix domain socket accessible to other users safely 12 * using the [/wiki/ProxyServer Proxy Server] mode 13 13 }}} 14 14 … … 25 25 * {{{sys}}} is a virtual module which will choose win32 or pam 26 26 }}} 27 28 {{{#!div class="box" 29 == Password File == 30 31 When used without the [/wiki/ProxyServer Proxy Server], the password file can contain a simple password in plain text. 32 [[BR]] 33 See [/ProxyServer#FileAuthenticationExtras proxy server file authentication] for more advanced usage. 34 }}} 35 36 {{{#!div class="box" 37 == Security Considerations == 38 39 * the password is never sent in plain text over the wire, the authentication modes that require the password to be sent to the server unhashed ({{{sys}}}: {{{pam}}} and {{{win32}}}) will refuse to run without [/wiki/Encryption Encryption] 40 * when used over TCP sockets, password authentication is vulnerable to man-in-the-middle attacks where an attacker could intercept the initial exchange and use the stolen authentication challenge to access the session, [/wiki/Encryption Encryption] prevents that 41 * the client does not verify the authenticity of the server, [/wiki/Encryption Encryption] does 42 }}}
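Review bot: In the Introduction hunk, the reworded bullet "securing TCP sockets" (new line 10) promises more than the Security Considerations added further down support, since they state that password authentication over TCP is open to man-in-the-middle interception unless Encryption is used. Suggest qualifying the bullet, for example "securing TCP sockets (together with [/wiki/Encryption Encryption])". The unchanged sentence on line 7 also uses the bare link `[/wiki/Encryption]`, while the new text labels it as `[/wiki/Encryption Encryption]`; using the labelled form in both places would keep the page consistent.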
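Review bot: In the added Password File section (new line 33), the link target `/ProxyServer#FileAuthenticationExtras` drops the `/wiki/` prefix that every other link in this revision uses (`[/wiki/ProxyServer Proxy Server]`, `[/wiki/Encryption Encryption]`); it should probably read `[/wiki/ProxyServer#FileAuthenticationExtras proxy server file authentication]`. Since line 31 says the file holds the password in plain text, the section should also say who may read that file, for example that it should be readable only by the user running the server. In Security Considerations, the first bullet (line 39) joins two separate claims with a comma: that the password is never sent in plain text, and that `sys`, `pam` and `win32` refuse to run without Encryption. Splitting it into two sentences would make clear that the second is what guarantees the first for those modules.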