[Thinlinc-technical] Requests regarding ThinLinc client (Linux)
cracker787 at gmail.com
Sat Jun 1 21:13:06 CEST 2013
FUCK YOU ALL, Don't send me messages ever again!
2013/5/31 Jens Langner <J.Langner at hzdr.de>
> Hello Aaron,
> Am 31.05.2013 um 13:07 schrieb Aaron Sowry <aaron at cendio.se>:
> >> 1) As we supply the password on command-line via the "-p" option
> >> potential hackers could easily retrieve the user password in clear text
> >> by simply listing all running processes via the "ps" command on linux.
> > There are actually 2 ways to achieve this with ThinLinc:
> > 1) The ThinLinc client has an option "--askpass PROGRAM" (see "tlclient
> > --help" and ). Whether this will work for you or not depends on the
> > program which is asking the user for their login information, however it
> > is worth a look.
> Thanks for the hint in using the --askpass / -P option. In fact, I think I
> found a way to read in the password from stdin and supply it via -P to
> thinlinc. Our current solution seems to be executing the thinlinc client
> via the following command-line sequence:
> echo PASSWORD | /opt/thinclient/bin/tlclient -u USERNAME -P cat SERVERNAME
> Thus, by using "cat" as the askpass command the password is supplied via a
> stdin pipe to tlclient will immediately be forwarded to the thinlinc client
> (stdin redirection). This seems to work now, however, it is IMHO rather
> uncommon to do it that way.
> > 2) Specify a per-user client configuration file, which contains the
> > password. This configuration file will have the same format as
> > ~/tlclient.conf, and should be set with the appropriate permissions. You
> > will need to set the PASSWORD parameter (see ) using hexadecimal
> > ASCII representations of the password characters. For example, for a
> > password of "foo":
> > PASSWORD=666F6F
> > In your case, you will probably also want to set AUTOLOGIN=1 as well as
> > SERVER_NAME. The ThinLinc client can then be launched as follows:
> > $ tlclient -C <conf_file>
> We also thought about using an automatically generated config file in
> first place and supply it to the client, but we didn't want to generate
> such a file and risk seeing it being intercepted in some way. If we don't
> find any other problem I think our request is indeed be fulfilled with the
> "-P cat" solution.
> >> 2) When automatically connecting to a thinlinc server by calling the
> >> client with username, password and server name the client GUI always
> >> pops up while trying to connect to the ThinLinc server. There is,
> >> however, no option to suppress the ThinLinc client user interface
> >> completely.
> > We do in fact have a feature-request bug for this already in our tracker
> > (bug #2897). It has not been implemented yet, however. If this feature
> > is important to you, and you would like to make a feature request for
> > it, you can send a mail to support at cendio.se and we can discuss this
> > further off-list.
> Thanks for pointing me to that feature request. Indeed, this feature is
> really somewhat important to us as popping up the thinlinc client somehow
> distracts the user attention. I will therefore bring up my request to
> support at cendio.se soon in the hope to such such a quiet option being
> implemented in a future client version.
> best regards,
> Dr. Jens Langner
> Helmholtz-Zentrum Dresden-Rossendorf
> Institute of Radiopharmaceutical Cancer Research
> Department of Positron Emission Tomography
> POB 51 01 19, 01314 Dresden, Germany
> http://www.hzdr.de/ | +49 351 260 2757
> Vorstand: Prof. Dr. Dr. h. c. Roland Sauerbrey
> Prof. Dr. Dr. h. c. Peter Joehnk
> VR 1693 beim Amtsgericht Dresden
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Thinlinc-technical