<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19412"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT face=Calibri>somehow out of stupidity you put your name on this
distribution list. All you have to do just remove...</FONT></DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=cracker787@gmail.com
href="mailto:cracker787@gmail.com">קראק אר</A> </DIV>
<DIV><B>Sent:</B> Saturday, June 01, 2013 12:13 PM</DIV>
<DIV><B>To:</B> <A title=J.Langner@hzdr.de href="mailto:J.Langner@hzdr.de">Jens
Langner</A> </DIV>
<DIV><B>Cc:</B> <A title=thinlinc-technical@lists.cendio.se
href="mailto:thinlinc-technical@lists.cendio.se">thinlinc-technical@lists.cendio.se</A>
</DIV>
<DIV><B>Subject:</B> Re: [Thinlinc-technical] Requests regarding ThinLinc client
(Linux)</DIV></DIV></DIV>
<DIV><BR></DIV>
<DIV dir=rtl>
<DIV dir=ltr>FUCK YOU ALL, Don't send me messages ever again!</DIV></DIV>
<DIV class=gmail_extra><BR><BR>
<DIV class=gmail_quote>
<DIV dir=ltr>2013/5/31 Jens Langner <SPAN dir=ltr><<A
href="mailto:J.Langner@hzdr.de"
target=_blank>J.Langner@hzdr.de</A>></SPAN></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>Hello Aaron,<BR><BR>Am 31.05.2013 um 13:07 schrieb Aaron
Sowry <<A href="mailto:aaron@cendio.se">aaron@cendio.se</A>>:<BR>
<DIV class=im><BR>>> 1) As we supply the password on command-line via
the "-p" option<BR>>> potential hackers could easily retrieve the user
password in clear text<BR>>> by simply listing all running processes via
the "ps" command on linux.<BR>><BR>> There are actually 2 ways to
achieve this with ThinLinc:<BR>><BR>> 1) The ThinLinc client has an
option "--askpass PROGRAM" (see "tlclient<BR>> --help" and [1]). Whether
this will work for you or not depends on the<BR>> program which is asking
the user for their login information, however it<BR>> is worth a
look.<BR><BR></DIV>Thanks for the hint in using the --askpass / -P option. In
fact, I think I found a way to read in the password from stdin and supply it
via -P to thinlinc. Our current solution seems to be executing the thinlinc
client via the following command-line sequence:<BR><BR>echo PASSWORD |
/opt/thinclient/bin/tlclient -u USERNAME -P cat SERVERNAME<BR><BR>Thus, by
using "cat" as the askpass command the password is supplied via a stdin pipe
to tlclient will immediately be forwarded to the thinlinc client (stdin
redirection). This seems to work now, however, it is IMHO rather uncommon to
do it that way.<BR>
<DIV class=im><BR>> 2) Specify a per-user client configuration file, which
contains the<BR>> password. This configuration file will have the same
format as<BR>> ~/tlclient.conf, and should be set with the appropriate
permissions. You<BR>> will need to set the PASSWORD parameter (see [2])
using hexadecimal<BR>> ASCII representations of the password characters.
For example, for a<BR>> password of "foo":<BR>><BR>>
PASSWORD=666F6F<BR>><BR>> In your case, you will probably also want to
set AUTOLOGIN=1 as well as<BR>> SERVER_NAME. The ThinLinc client can then
be launched as follows:<BR>><BR>> $ tlclient -C
<conf_file><BR><BR></DIV>We also thought about using an automatically
generated config file in first place and supply it to the client, but we
didn't want to generate such a file and risk seeing it being intercepted in
some way. If we don't find any other problem I think our request is indeed be
fulfilled with the "-P cat" solution.<BR>
<DIV class=im><BR>>> 2) When automatically connecting to a thinlinc
server by calling the<BR>>> client with username, password and server
name the client GUI always<BR>>> pops up while trying to connect to the
ThinLinc server. There is,<BR>>> however, no option to suppress the
ThinLinc client user interface<BR>>> completely.<BR>><BR>> We do
in fact have a feature-request bug for this already in our tracker<BR>>
(bug #2897). It has not been implemented yet, however. If this feature<BR>>
is important to you, and you would like to make a feature request for<BR>>
it, you can send a mail to <A
href="mailto:support@cendio.se">support@cendio.se</A> and we can discuss
this<BR>> further off-list.<BR><BR></DIV>Thanks for pointing me to that
feature request. Indeed, this feature is really somewhat important to us as
popping up the thinlinc client somehow distracts the user attention. I will
therefore bring up my request to <A
href="mailto:support@cendio.se">support@cendio.se</A> soon in the hope to such
such a quiet option being implemented in a future client version.<BR>
<DIV class=HOEnZb>
<DIV class=h5><BR>best regards,<BR>jens<BR>--<BR>Dr. Jens
Langner<BR>Helmholtz-Zentrum Dresden-Rossendorf<BR>Institute of
Radiopharmaceutical Cancer Research<BR>Department of Positron Emission
Tomography<BR>POB 51 01 19, 01314 Dresden, Germany<BR><A
href="http://www.hzdr.de/" target=_blank>http://www.hzdr.de/</A> | +49 351 260
2757<BR><BR>Vorstand: Prof. Dr. Dr. h. c. Roland Sauerbrey<BR>Prof. Dr. Dr. h.
c. Peter Joehnk<BR>VR 1693 beim Amtsgericht
Dresden<BR><BR></DIV></DIV><BR>_______________________________________________<BR>Thinlinc-technical
mailing list<BR><A
href="mailto:Thinlinc-technical@lists.cendio.se">Thinlinc-technical@lists.cendio.se</A><BR><A
href="http://lists.cendio.se/mailman/listinfo/thinlinc-technical"
target=_blank>http://lists.cendio.se/mailman/listinfo/thinlinc-technical</A><BR><BR></BLOCKQUOTE></DIV><BR></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Thinlinc-technical
mailing
list<BR>Thinlinc-technical@lists.cendio.se<BR>http://lists.cendio.se/mailman/listinfo/thinlinc-technical<BR></BODY></HTML>