Comments (12)
clbr
commented on June 26, 2024
There was no such separate password supported before? When using python
websockify, it had just one http password, just like now?
from kasmvnc.
commented on June 26, 2024
VNC supports a read-only view. websockify merely facilitated transport to the VNC service, the basic auth enforced by websockify had no bearing on the vnc connection. It was the vnc password used by the user that determined read-only view. We need to support a view-only connection with basic auth, as the vncpassword is no longer used.
"A view-only password must be separated from the normal password by a newline character."
https://tigervnc.org/doc/vncpasswd.html
from kasmvnc.
clbr
commented on June 26, 2024
Yes, but I don't understand what is broken. This sounds like a new functionality?
from kasmvnc.
clbr
commented on June 26, 2024
That is, if you try to connect view-only using the current password, does it not work?
from kasmvnc.
clbr
commented on June 26, 2024
A new, separate username/password for view-only connections is relatively quick.
from kasmvnc.
commented on June 26, 2024
One moment, let me think about this.
from kasmvnc.
commented on June 26, 2024
Lets change the format of the .kasmvncpasswd as follows.
username:vjqJJ2QzipFv5qJDa3DOK1HKCVlaNEK6LqY2/Pbon7B:o
username2:vjqJJ2QzipFv5qJDa3DOK1HKCVlaNEK6LqY2/Pbon7B:w
username3:vjqJJ2QzipFv5qJDa3DOK1HKCVlaNEK6LqY2/Pbon7B:
column 1 - username
column 2 - encoded pw
column 3 - permissions of owner "o" and write "w", read is assumed for all users. So in the example, the owner currently has read access, username2 has read/write, and username3 read-only.
Changes to this file should be detected and applied on the fly.
- New users
- Removed users
- Changed passwords
- Changed permissions
Please look into the level of effort required to apply changes to permissions without requiring users to reconnect.
from kasmvnc.
mmcclaskey
commented on June 26, 2024
Testing latest changes. Chrome, Safari, and Firefox never prompts user to input basic auth credentials. Users are able to connect in read-only mode without creds or with wrong creds.
from kasmvnc.
clbr
commented on June 26, 2024
Can't reproduce. I get prompted, and empty creds or wrong creds get
rejected.
from kasmvnc.
clbr
commented on June 26, 2024
The "-basicauth foo:" param is still needed, but the user portion of it is ignored. This is so the users can still run without basicauth, or with a simple user:pass setup without the password file.
from kasmvnc.
commented on June 26, 2024
Confirmed missing -basicauth arg.
When a view only user connects and the resolution is set for server resize, it causes the server side to change resolution to the view only client's connection. While client side changes may be necessary here, the server side should ignore settings like resolution from the a view only client. Please review other settings that can be passed down to the server to see if they should be blocked from a view only user.
from kasmvnc.
clbr
commented on June 26, 2024
Added checks for all the kasm-specific client-settable settings.
from kasmvnc.
Related Issues (20)
- Hiding left settings Bar completely HOT 3
- Serverside - force quality settings HOT 23
- pass the username as a variable like "export username = hereshouldbethebasic-auth -username" HOT 3
- starting vncserver while passing username and password directly HOT 1
- running vncserver on a single user, allowing it to be path-based instead of port-based HOT 1
- Allow E-Mail Address as username HOT 3
- start without ssl does not work when setting: network.ssl.require_ssl to false in /etc/kasmvnc/kasmvnc.yaml HOT 1
- dose not work in subpath HOT 1
- KasmVNC crashes on openSUSE Leap 15.5 in LXC in Proxmox 8 HOT 5
- Black Screen when Anaconda is Installed HOT 1
- KasmVNC and keyboard interpretation in terminal HOT 2
- What is the proper way to run Firefox? HOT 1
- How to check whether WebRTC UDP is enabled successfully ? HOT 1
- How to use alpine install package? HOT 3
- Invalid rect encoding via UDP: xxxxx HOT 12
- Disable file manager? HOT 2
- Strange behavior with clipboard paste requiring click before pasting HOT 1
- Wayland support? HOT 16
- OpenSuse Rolling Support HOT 2
- Feature: Dual monitor support HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kasmvnc.