[winswitch] What is the proper format the password files?

Antoine Martin antoine at nagafix.co.uk
Sun Feb 18 03:24:49 GMT 2018


(..)
Please don't bottom post, and please always keep the mailing list CCed.

>     > The contents of the password file is not what xpra expects. Is the actual
>     > format documented somewhere?
>     https://xpra.org/trac/wiki/Authentication
> 
>     > Is there an utility or script to create them
>     > in the right format?No tool needed:
>     echo -n "bucklemyshoe" > yourpasswordfile.txt
> 
> How about the one that contains username and password combinations, ie
>  -|-auth=multifile:filename=/path/to/userlist.txt|
The format is described in the man page and on the wiki.
As per a previous reply, the sqlite backend is easier to use and
provides command line tools to set things up.
That's assuming that you need to allow multiple username+password pairs.
If not, then "file" authentication is much easier to manage.

> I assume that userlist.txt contains username, password and a few other
> values besides,
> and that username and password are encoded, ie not in plaintext.
This file is also plain text, same as the "file" authentication module.
The same answer applies here, please read the links I've already posted
to understand why that is.

> PS. I tried the pam option, which logs the person straight into the
> desktop from the webpage,
pam does no such thing. pam is an authentication module which is
configured to check the local password database.
The session xpra connects to is orthogonal to the authentication module
used. You will get logged in to a "desktop" using "shadow" or
"start-desktop" subcommands only.

> but I would rather not do it that way as I explain at
> https://unix.stackexchange.com/questions/424797,
> because I prefer  multiple layers of security
Then you should consider SSL or SSH as transports.
You can now also stack multiple authentication modules in 2.3:
https://xpra.org/trac/ticket/1728

Cheers
Antoine

PS: please don't re-open tickets unless the issue is not resolved /
still requires work.



More information about the shifter-users mailing list