[winswitch] Secure TCP mode with --password-file

Antoine Martin antoine at nagafix.co.uk
Mon May 18 10:19:15 BST 2015


On 18/05/15 15:01, John Smith wrote:
> Hi,
>
> Recently, I have upgrade xpra from 0.14.x to 0.15.0 for my server (trusty)
> . And now I can't use --password-file option to secure tcp mode as before.
> Server use --password-file=<path/to/file/contains/password>, but client
> don't need to use --password-file to attach . I think the problems is xpra
> for server. If this is a bug, I will file a ticket about this.
Thanks for reporting this, it should now be fixed:
http://xpra.org/trac/changeset/9422
You can just make the same change to your /etc/xpra/xpra.conf

Note: in 0.15, we support having different authentication modules for 
tcp and unix-domain-sockets using the "--tcp-auth" flag.
(if unset, it will use the same value as the "--auth" flag as before)
So you can choose to have no authentication on the unix domain socket 
(--auth=none) which should be protected by regular unix file 
permissions, and have passwords (or other) only used for tcp sockets.

Cheers
Antoine




More information about the shifter-users mailing list