From: Tim J. <ml...@tj...> - 2003-04-07 22:17:32
On Monday 07 April 2003 22:15, Joe Ammann wrote:
> I'll have to do some porting to Linux/Solaris anyway, and that seems
> also to be a very nice opportunity to dive into the KDE X.509 handling
> stuff. I presume you're talking about something like integration with
> the Sphinx framework, aren't you?

No, the Sphinx framework is only for groupware.

Desktop Sharing allows an administrator to join a user's desktop using VNC. For this use case VNC's password authentication is very bad. The Desktop Sharing server runs with user permissions. Thus every user can replace the original server with a trojan horse that captures the administrator's password (or at least gets the right token for a single challenge-response) and use it to access somebody else's desktop. The other problem is that it would be desirable if administrators could authenticate using their regular account, not with a password that is shared among administrators.

So the part that I am most interested in is the handshake to negotiate the authentication. My primary focus is Kerberos, as it allows administrators to authenticate using their regular accounts even on an untrusted machine. That's why I have planned to extend the protocol with a SASL mechanism. I did not start coding on this. The timeframe is KDE 3.2, which will probably be released in late summer or fall, but there is no schedule yet.

Authentication using public-key certificates would be a bonus that I have also considered (as a solution for small companies and home users who don't have Kerberos servers), but not for the next KDE version. KDE has KSSL which can be used for managing certificates and other things, but I am not familiar with it.

bye...