[Thinlinc-technical] Requests regarding ThinLinc client (Linux)

Mansour Moghadasian mansour_moghadasian at hotmail.com
Sun Jun 2 04:03:10 CEST 2013

somehow out of stupidity you put your name on this distribution list.  All you have to do just remove...

From: ???? ?? 
Sent: Saturday, June 01, 2013 12:13 PM
To: Jens Langner 
Cc: thinlinc-technical at lists.cendio.se 
Subject: Re: [Thinlinc-technical] Requests regarding ThinLinc client (Linux)

FUCK YOU ALL, Don't send me messages ever again!

2013/5/31 Jens Langner <J.Langner at hzdr.de>
  Hello Aaron,

  Am 31.05.2013 um 13:07 schrieb Aaron Sowry <aaron at cendio.se>:

  >> 1) As we supply the password on command-line via the "-p" option
  >> potential hackers could easily retrieve the user password in clear text
  >> by simply listing all running processes via the "ps" command on linux.
  > There are actually 2 ways to achieve this with ThinLinc:
  > 1) The ThinLinc client has an option "--askpass PROGRAM" (see "tlclient
  > --help" and [1]). Whether this will work for you or not depends on the
  > program which is asking the user for their login information, however it
  > is worth a look.

  Thanks for the hint in using the --askpass / -P option. In fact, I think I found a way to read in the password from stdin and supply it via -P to thinlinc. Our current solution seems to be executing the thinlinc client via the following command-line sequence:

  echo PASSWORD | /opt/thinclient/bin/tlclient -u USERNAME -P cat SERVERNAME

  Thus, by using "cat" as the askpass command the password is supplied via a stdin pipe to tlclient will immediately be forwarded to the thinlinc client (stdin redirection). This seems to work now, however, it is IMHO rather uncommon to do it that way.

  > 2) Specify a per-user client configuration file, which contains the
  > password. This configuration file will have the same format as
  > ~/tlclient.conf, and should be set with the appropriate permissions. You
  > will need to set the PASSWORD parameter (see [2]) using hexadecimal
  > ASCII representations of the password characters. For example, for a
  > password of "foo":
  > In your case, you will probably also want to set AUTOLOGIN=1 as well as
  > SERVER_NAME. The ThinLinc client can then be launched as follows:
  > $ tlclient -C <conf_file>

  We also thought about using an automatically generated config file in first place and supply it to the client, but we didn't want to generate such a file and risk seeing it being intercepted in some way. If we don't find any other problem I think our request is indeed be fulfilled with the "-P cat" solution.

  >> 2) When automatically connecting to a thinlinc server by calling the
  >> client with username, password and server name the client GUI always
  >> pops up while trying to connect to the ThinLinc server. There is,
  >> however, no option to suppress the ThinLinc client user interface
  >> completely.
  > We do in fact have a feature-request bug for this already in our tracker
  > (bug #2897). It has not been implemented yet, however. If this feature
  > is important to you, and you would like to make a feature request for
  > it, you can send a mail to support at cendio.se and we can discuss this
  > further off-list.

  Thanks for pointing me to that feature request. Indeed, this feature is really somewhat important to us as popping up the thinlinc client somehow distracts the user attention. I will therefore bring up my request to support at cendio.se soon in the hope to such such a quiet option being implemented in a future client version.

  best regards,
  Dr. Jens Langner
  Helmholtz-Zentrum Dresden-Rossendorf
  Institute of Radiopharmaceutical Cancer Research
  Department of Positron Emission Tomography
  POB 51 01 19, 01314 Dresden, Germany
  http://www.hzdr.de/ | +49 351 260 2757

  Vorstand: Prof. Dr. Dr. h. c. Roland Sauerbrey
  Prof. Dr. Dr. h. c. Peter Joehnk
  VR 1693 beim Amtsgericht Dresden

  Thinlinc-technical mailing list
  Thinlinc-technical at lists.cendio.se


Thinlinc-technical mailing list
Thinlinc-technical at lists.cendio.se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20130601/07ccd5a8/attachment-0007.html>

More information about the Thinlinc-technical mailing list