[Thinlinc-technical] Requests regarding ThinLinc client (Linux)

Sat Jun 1 21:15:09 CEST 2013

what the fuck?

2013/6/2 קראק אר <cracker787 at gmail.com>

> FUCK YOU ALL, Don't send me messages ever again!
>
>
> 2013/5/31 Jens Langner <J.Langner at hzdr.de>
>
>> Hello Aaron,
>>
>> Am 31.05.2013 um 13:07 schrieb Aaron Sowry <aaron at cendio.se>:
>>
>> >> 1) As we supply the password on command-line via the "-p" option
>> >> potential hackers could easily retrieve the user password in clear text
>> >> by simply listing all running processes via the "ps" command on linux.
>> >
>> > There are actually 2 ways to achieve this with ThinLinc:
>> >
>> > 1) The ThinLinc client has an option "--askpass PROGRAM" (see "tlclient
>> > --help" and [1]). Whether this will work for you or not depends on the
>> > program which is asking the user for their login information, however it
>> > is worth a look.
>>
>> Thanks for the hint in using the --askpass / -P option. In fact, I think
>> I found a way to read in the password from stdin and supply it via -P to
>> thinlinc. Our current solution seems to be executing the thinlinc client
>> via the following command-line sequence:
>>
>> echo PASSWORD | /opt/thinclient/bin/tlclient -u USERNAME -P cat SERVERNAME
>>
>> Thus, by using "cat" as the askpass command the password is supplied via
>> a stdin pipe to tlclient will immediately be forwarded to the thinlinc
>> client (stdin redirection). This seems to work now, however, it is IMHO
>> rather uncommon to do it that way.
>>
>> > 2) Specify a per-user client configuration file, which contains the
>> > password. This configuration file will have the same format as
>> > ~/tlclient.conf, and should be set with the appropriate permissions. You
>> > will need to set the PASSWORD parameter (see [2]) using hexadecimal
>> > ASCII representations of the password characters. For example, for a
>> > password of "foo":
>> >
>> > PASSWORD=666F6F
>> >
>> > In your case, you will probably also want to set AUTOLOGIN=1 as well as
>> > SERVER_NAME. The ThinLinc client can then be launched as follows:
>> >
>> > $ tlclient -C <conf_file>
>>
>> We also thought about using an automatically generated config file in
>> first place and supply it to the client, but we didn't want to generate
>> such a file and risk seeing it being intercepted in some way. If we don't
>> find any other problem I think our request is indeed be fulfilled with the
>> "-P cat" solution.
>>
>> >> 2) When automatically connecting to a thinlinc server by calling the
>> >> client with username, password and server name the client GUI always
>> >> pops up while trying to connect to the ThinLinc server. There is,
>> >> however, no option to suppress the ThinLinc client user interface
>> >> completely.
>> >
>> > We do in fact have a feature-request bug for this already in our tracker
>> > (bug #2897). It has not been implemented yet, however. If this feature
>> > is important to you, and you would like to make a feature request for
>> > it, you can send a mail to support at cendio.se and we can discuss this
>> > further off-list.
>>
>> Thanks for pointing me to that feature request. Indeed, this feature is
>> really somewhat important to us as popping up the thinlinc client somehow
>> distracts the user attention. I will therefore bring up my request to
>> support at cendio.se soon in the hope to such such a quiet option being
>> implemented in a future client version.
>>
>> best regards,
>> jens
>> --
>> Dr. Jens Langner
>> Helmholtz-Zentrum Dresden-Rossendorf
>> Institute of Radiopharmaceutical Cancer Research
>> Department of Positron Emission Tomography
>> POB 51 01 19, 01314 Dresden, Germany
>> http://www.hzdr.de/ | +49 351 260 2757
>>
>> Vorstand: Prof. Dr. Dr. h. c. Roland Sauerbrey
>> Prof. Dr. Dr. h. c. Peter Joehnk
>> VR 1693 beim Amtsgericht Dresden
>>
>>
>> _______________________________________________
>> Thinlinc-technical mailing list
>> Thinlinc-technical at lists.cendio.se
>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>
>>
>
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20130602/5aaaffb4/attachment-0007.html>