Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

per socket authentication and encryption configuration #1160

Closed
totaam opened this issue Apr 8, 2016 · 12 comments
Closed

per socket authentication and encryption configuration #1160

totaam opened this issue Apr 8, 2016 · 12 comments

Comments

@totaam
Copy link
Collaborator

totaam commented Apr 8, 2016

Issue migrated from trac ticket # 1160

component: server | priority: critical | resolution: fixed

2016-04-08 08:44:09: antoine created the issue


Split from #1159.
We should extend the socket configuration syntax to be able to configure authentication and encryption for each socket.
This would get rid of a number of command line arguments (which we would keep temporarily for backwards compatibility, probably also still used by the client command line).

ie: for just authentication (replacing the tcp-auth command line option):

xpra start \
    --bind-tcp=0.0.0.0:10000,auth=file:filename=password.txt

for encryption as well:

xpra start \
    --bind-tcp=0.0.0.0:10000,encryption=AES:keyfile=key.txt,auth=file:filename=password.txt
@totaam
Copy link
Collaborator Author

totaam commented Sep 13, 2016

2016-09-13 12:47:08: antoine changed status from new to assigned

@totaam
Copy link
Collaborator Author

totaam commented Mar 5, 2019

2019-03-05 02:02:29: antoine commented


See also #2125#comment:4

@totaam
Copy link
Collaborator Author

totaam commented Mar 20, 2019

2019-03-20 05:06:15: antoine commented


Milestone renamed

@totaam
Copy link
Collaborator Author

totaam commented Sep 13, 2019

2019-09-13 16:45:13: antoine changed priority from major to critical

@totaam
Copy link
Collaborator Author

totaam commented Sep 13, 2019

2019-09-13 16:45:13: antoine commented


Blocker for #2125.

@totaam
Copy link
Collaborator Author

totaam commented Sep 23, 2019

2019-09-23 08:22:36: antoine uploaded file per-socket-auth.patch (39.6 KiB)

work in progress patch

@totaam
Copy link
Collaborator Author

totaam commented Sep 23, 2019

2019-09-23 14:33:28: antoine commented


Done for authentication in r23895.
As a side-effect, we no longer initialize the authentication modules using the config object.

New related ticket: #2424.

@totaam
Copy link
Collaborator Author

totaam commented Oct 15, 2019

2019-10-15 17:01:46: antoine commented


r24142 fixes named pipes.

@totaam
Copy link
Collaborator Author

totaam commented Feb 10, 2020

2020-02-10 05:37:08: antoine changed status from assigned to closed

@totaam
Copy link
Collaborator Author

totaam commented Feb 10, 2020

2020-02-10 05:37:08: antoine set resolution to fixed

@totaam
Copy link
Collaborator Author

totaam commented Feb 10, 2020

2020-02-10 05:37:08: antoine commented


Per socket encryption options done in r25202 + r25203, fixup in r25209.

ie:

xpra start --start=xterm --bind-tcp=0.0.0.0:10000,encryption=AES,encryption-keyfile=./key.txt --bind-tcp=0.0.0.0:10001 -d crypto

Port 10000 uses encryption, and port 10001 does not.

See also #2460 (ssl) and #2583 (ssh).

@totaam totaam closed this as completed Feb 10, 2020
@totaam
Copy link
Collaborator Author

totaam commented Jun 2, 2020

2020-06-02 04:58:43: antoine commented


For client connection strings, see #2794.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant