[winswitch] Unable to authenticate to xpra proxy

Eric Grammatico e.grammatico at gmail.com
Fri Jul 29 15:21:49 BST 2016


Hi Antoine,

Thanks ! That worked !

Thank you for your support.

Regards,


-
_/) Eric Grammatico.
28 juillet 2016 16:54 "Antoine Martin" <antoine at nagafix.co.uk> a écrit:
> On 28/07/16 21:17, Eric Grammatico wrote:
> 
>> Hi Antoine,
>> 
>> I have followed your suggestion to make a test with the last Beta for Centos 7. Thanks to this I
>> made some progress. Now the server sees client connexion attempt.
>> 
>> Please find below logs from client side:
>> $> xpra attach --username=eric --auth=env tcp:xspice.local:10000
> 
> As per my previous reply: "--auth" does not do anything for the client.
> 
>> 2016-07-28 15:23:23,425 Xpra gtk2 client version 1.0-r13105 64-bit
>> 2016-07-28 15:23:23,425 running on Linux Fedora 23 TwentyThree
>> 2016-07-28 15:23:23,426 Warning: failed to import opencv:
>> 2016-07-28 15:23:23,426 No module named cv2
>> 2016-07-28 15:23:23,426 webcam forwarding is disabled
>> 2016-07-28 15:23:23,623 GStreamer version 1.6 for Python 2.7 64-bit
>> -:6: error: unexpected character ':', expected character '}'
>> -:6: error: unexpected character ':', expected character '}'
> 
> Still not sure where this is from.
> The output "xpra _sound_query" that you sent doesn't contain it, so this
> must be coming from somewhere else.
> 
> (snip)
> 
>> 2016-07-28 13:23:24,482 Authentication required by multi password file authenticator module
>> 2016-07-28 13:23:24,485 sending challenge for 'eric' using hmac digest
>> Warning: invalid option: 'shadow-fullscreen'
> 
> This warning is probably due to an old /etc/xpra/xpra.conf laying
> around. Make sure to install the latest one that comes with the RPM
> package. (maybe it was installed as rpmnew?)
> 
>> desc={'local': False, 'host': '172.19.0.2', 'display_name': 'tcp:172.19.0.2:10000', 'port': 10000,
>> 'type': 'tcp'}
>> 2016-07-28 13:23:25,577 read thread of None has not yet exited (timeout=0.6)
>> 2016-07-28 13:23:25,578 some network IO threads have failed to terminate!
>> Traceback (most recent call last):
>> File "/usr/lib64/python2.7/multiprocessing/queues.py", line 266, in _feed
>> send(obj)
>> IOError: [Errno 32] Broken pipe
> 
> There was a problem with the naming of the RPM packages in the beta
> area, so you may have ended up downloading an older build. Sorry about that.
> The latest version does include the fix for this particular bug,
> included right at the top:
> http://xpra.org/trac/ticket/1264
> 
> Please try downloading again, you may have to:
> yum remove xpra xpra-common
> yum clean all
> Before you yum install again.
> The package file should have today's date in the filename.
> 
> (snip)
> 
>> Regarding the new URL format to attach from the client (eg: tcp/username:password at IPADDRESS:PORT),
>> will it be supported in the multifile authentication module ?
> 
> Not yet, but this could be added. Please file a ticket.
> 
>> the auth file could looks like this:
>> eric|bonjour|1000|1000|tcp/eric:bonjour at 172.19.0.2:10000|EXAMPLE_ENV=VALUE|compression=0
>> This way, the servers are proxied, but still secured with password to avoid direct connexion from
>> the local area.
> 
> You can achieve this already by adding your username and password to the
> session options (where compression=0 is set). ie:
> eric|bonjour|1000|1000|172.19.0.2:10000|EXAMPLE_ENV=VALUE|username=eric,password=bonjour,compression
> 0
> 
> Cheers
> Antoine
> 
>> Thanks and best regards,
>> 
>> -
>> _/) Eric Grammatico.
>> 27 juillet 2016 17:09 "Antoine Martin" <antoine at nagafix.co.uk> a écrit:
>>> On 27/07/16 21:08, Eric Grammatico wrote:
>>> 
>>>> Hello There,
>>>> 
>>>> I am evaluating xpra proxy feature, and I am desperately trying to setup authentication. Here is
>>>> commands launch from client side and logs:
>>>> 
>>>> [eric at lys ~]$ export XPRA_PASSWORD="bonjour"
>>>> [eric at lys ~]$ xpra attach --username=eric --tcp-auth=env tcp:192.168.122.125:10000
>>> 
>>> FYI: authentication modules are used to verify client authentication
>>> tokens, they are not used by the client.
>>> Client side, use the "password-file" option, or the XPRA_PASSWORD
>>> environment variable.
>>> 
>>> Newer versions will also support this form:
>>> xpra attach tcp/username:password at IPADDRESS:PORT
>>> 
>>>> 2016-07-27 16:01:37,203 Xpra gtk2 client version 0.17.4-r12942
>>>> 2016-07-27 16:01:37,203 running on Linux Fedora 23 Twenty Three
>>>> 2016-07-27 16:01:37,203 Warning: failed to import opencv:
>>>> 2016-07-27 16:01:37,204 No module named cv2
>>>> 2016-07-27 16:01:37,204 webcam forwarding is disabled
>>>> 2016-07-27 16:01:37,389 GStreamer version 1.6 for Python 2.7
>>>> -:6: error: unexpected character ':', expected character '}'
>>>> -:6: error: unexpected character ':', expected character '}'
>>> 
>>> That's odd, can you please post the output of:
>>> xpra _sound_query
>>> 
>>>> 2016-07-27 16:01:37,894 OpenGL_accelerate module loaded
>>>> 2016-07-27 16:01:37,901 Warning: OpenGL windows will be clamped to the maximum texture size
>>>> 8192x8192
>>>> 2016-07-27 16:01:37,901 for OpenGL 3.0 renderer 'Gallium 0.4 on NV96'
>>>> 2016-07-27 16:01:37,901 OpenGL enabled with Gallium 0.4 on NV96
>>>> 2016-07-27 16:01:41,744 detected keyboard: rules=evdev, model=pc105, layout=fr
>>>> 2016-07-27 16:01:41,745 desktop size is 1680x1050 with 1 screen:
>>>> 2016-07-27 16:01:41,745 :0.0 (444x277 mm - DPI: 96x96) workarea: 1680x1016
>>>> 2016-07-27 16:01:41,745 monitor 1 (474x296 mm - DPI: 90x90)
>>>> 2016-07-27 16:01:42,221 server failure: disconnected before the session could be established
>>>> 2016-07-27 16:01:42,221 server requested disconnect: session not found error (no sessions found)
>>> 
>>> "no sessions found" is quite likely to be caused by this bug:
>>> http://xpra.org/trac/ticket/1264
>>> 
>>>> 2016-07-27 16:01:42,241 Connection lost
>>>> And commands from proxy side and logs:
>>>> [root at xpra_proxy /]# cat /home/proxy/.xpra/proxy_auth
>>>> eric|bonjour|1000|1000|tcp:172.19.0.3:10000|EXAMPLE_ENV=VALUE|compression=0
>>>> [root at xpra_proxy /]# /home/proxy/.xpra/start_xpra.sh
>>>> 2016-07-27 14:00:41,225 created unix domain socket: /root/.xpra/xpra_proxy-100
>>>> 2016-07-27 14:00:42,604 xpra proxy version 0.17.4-r12942
>>>> 2016-07-27 14:00:42,605 running with pid 42 on Linux CentOS Linux 7.2.1511 Core
>>>> 2016-07-27 14:00:42,606 on display :100
>>>> 2016-07-27 14:00:42,607 xpra is ready.
>>>> 2016-07-27 14:01:40,725 New tcp connection received from 192.168.122.1:48496
>>>> 2016-07-27 14:01:40,740 Authentication required by multi password file authenticator module
>>>> 2016-07-27 14:01:40,744 sending challenge for 'eric' using hmac digest
>>>> 
>>>> If I try to type a stupid password on client side:
>>>> [eric at lys ~]$ export XPRA_PASSWORD="stupid"
>>>> [eric at lys ~]$ xpra attach --username=eric --tcp-auth=env tcp:192.168.122.125:10000
>>>> 2016-07-27 16:05:52,185 Xpra gtk2 client version 0.17.4-r12942
>>>> 2016-07-27 16:05:52,185 running on Linux Fedora 23 Twenty Three
>>>> 2016-07-27 16:05:52,185 Warning: failed to import opencv:
>>>> 2016-07-27 16:05:52,185 No module named cv2
>>>> 2016-07-27 16:05:52,185 webcam forwarding is disabled
>>>> 2016-07-27 16:05:52,413 GStreamer version 1.6 for Python 2.7
>>>> -:6: error: unexpected character ':', expected character '}'
>>>> -:6: error: unexpected character ':', expected character '}'
>>>> 2016-07-27 16:05:53,234 OpenGL_accelerate module loaded
>>>> 2016-07-27 16:05:53,240 Warning: OpenGL windows will be clamped to the maximum texture size
>>>> 8192x8192
>>>> 2016-07-27 16:05:53,240 for OpenGL 3.0 renderer 'Gallium 0.4 on NV96'
>>>> 2016-07-27 16:05:53,241 OpenGL enabled with Gallium 0.4 on NV96
>>>> 2016-07-27 16:05:57,209 detected keyboard: rules=evdev, model=pc105, layout=fr
>>>> 2016-07-27 16:05:57,210 desktop size is 1680x1050 with 1 screen:
>>>> 2016-07-27 16:05:57,211 :0.0 (444x277 mm - DPI: 96x96) workarea: 1680x1016
>>>> 2016-07-27 16:05:57,211 monitor 1 (474x296 mm - DPI: 90x90)
>>>> 2016-07-27 16:05:58,688 server failure: disconnected before the session could be established
>>>> 2016-07-27 16:05:58,689 server requested disconnect: invalid challenge response
>>>> 2016-07-27 16:05:58,725 Connection lost
>>> 
>>> Good debugging. Changing the password does make a difference.
>>> 
>>>> And form proxy side:
>>>> 2016-07-27 14:05:56,188 New tcp connection received from 192.168.122.1:48528
>>>> 2016-07-27 14:05:56,210 Authentication required by multi password file authenticator module
>>>> 2016-07-27 14:05:56,210 sending challenge for 'eric' using hmac digest
>>>> 2016-07-27 14:05:56,683 Error: hmac password challenge for 'eric' does not match
>>>> 2016-07-27 14:05:56,684 Error: authentication failed
>>>> 2016-07-27 14:05:56,685 invalid challenge response
>>>> 2016-07-27 14:05:57,687 Disconnecting client 192.168.122.1:48528:
>>>> 2016-07-27 14:05:57,688 invalid challenge response
>>>> 2016-07-27 14:05:57,691 Connection lost
>>>> 
>>>> The xpra server 172.19.0.3 has never seen any connexion attempt.... any support welcome.
>>> 
>>> So, this bug:
>>> http://xpra.org/trac/ticket/1264
>>> was fixed a few days ago and has already been applied to the v0.17.x
>>> branch, it will be included in the 0.17.5 release.
>>> 
>>> In the meantime, you can try a newer beta build:
>>> http://xpra.org/beta
>>> or downgrade to the 0.14.x LTS branch, which should be immune to this
>>> particular regression.
>>> 
>>> Cheers
>>> Antoine
>>> 
>>>> thanks and best regards,
>>>> 
>>>> -
>>>> _/) Eric Grammatico.
>>>> _______________________________________________
>>>> shifter-users mailing list
>>>> shifter-users at lists.devloop.org.uk
>>>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>>> 
>>> _______________________________________________
>>> shifter-users mailing list
>>> shifter-users at lists.devloop.org.uk
>>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>> 
>> _______________________________________________
>> shifter-users mailing list
>> shifter-users at lists.devloop.org.uk
>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> 
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users



More information about the shifter-users mailing list