[winswitch] unix authentication for TCP sessions?

Thomas Esposito tmesposito00 at gmail.com
Mon Nov 21 15:45:11 GMT 2016

First some background info...

I've been using Xpra at work. I have a RHEL 6.6 virtual machine, which I
believe uses LDAP for login authentication. I don't have root/admin
privileges, so in order to use Xpra, I have manually extracted the contents
of all of the required RPMs and modified my PYTHONPATH, PATH,
LD_LIBRARY_PATH, and MANPATH variables to point to where the RPMs are

Since I obviously can't install anything to "/etc", I have all of the
config files in "${HOME}/.xpra". For the beta version of xpra, this means
that I can't install any of the files in "/etc/pam.d" (which is new to the
1.0 beta).

In order to get good performance on my corporate intranet, I need to use
raw TCP with a port in the range 5900 5909 (i.e the ports used by VNC),
because this is prioritized on the network vs. ssh, which has very
inconsistent network performance. I'd like to use LDAP authentication for
my TCP sessions, but I'm not sure how to do this. I've tried setting
"--tcp-auth=pam" on the xpra command line, but the Win32 launcher reports
"Connection lost" when I try to connect. I get the following output in the
server-side log file (edited to remove IP addresses and user name):

2016-11-21 10:29:00,367 New tcp connection received from x.x.x.x:x
2016-11-21 10:29:00,369 Authentication required by PAM authenticator module
2016-11-21 10:29:00,369  sending challenge for username '<username>' using
xor digest
2016-11-21 10:29:00,511 client has requested disconnection: invalid digest
2016-11-21 10:29:00,512 Disconnecting client x.x.x.x:x:
2016-11-21 10:29:00,512  client request

Any idea how to get this working, keeping in mind the fact that I can't do
a normal install (i.e. write to "/etc") on the server side?

More information about the shifter-users mailing list