[Thinlinc-technical] Requests regarding ThinLinc client (Linux)
Mansour Moghadasian
mansour_moghadasian at hotmail.com
Sun Jun 2 04:03:10 CEST 2013
somehow out of stupidity you put your name on this distribution list. All you have to do just remove...
From: ???? ??
Sent: Saturday, June 01, 2013 12:13 PM
To: Jens Langner
Cc: thinlinc-technical at lists.cendio.se
Subject: Re: [Thinlinc-technical] Requests regarding ThinLinc client (Linux)
FUCK YOU ALL, Don't send me messages ever again!
2013/5/31 Jens Langner <J.Langner at hzdr.de>
Hello Aaron,
Am 31.05.2013 um 13:07 schrieb Aaron Sowry <aaron at cendio.se>:
>> 1) As we supply the password on command-line via the "-p" option
>> potential hackers could easily retrieve the user password in clear text
>> by simply listing all running processes via the "ps" command on linux.
>
> There are actually 2 ways to achieve this with ThinLinc:
>
> 1) The ThinLinc client has an option "--askpass PROGRAM" (see "tlclient
> --help" and [1]). Whether this will work for you or not depends on the
> program which is asking the user for their login information, however it
> is worth a look.
Thanks for the hint in using the --askpass / -P option. In fact, I think I found a way to read in the password from stdin and supply it via -P to thinlinc. Our current solution seems to be executing the thinlinc client via the following command-line sequence:
echo PASSWORD | /opt/thinclient/bin/tlclient -u USERNAME -P cat SERVERNAME
Thus, by using "cat" as the askpass command the password is supplied via a stdin pipe to tlclient will immediately be forwarded to the thinlinc client (stdin redirection). This seems to work now, however, it is IMHO rather uncommon to do it that way.
> 2) Specify a per-user client configuration file, which contains the
> password. This configuration file will have the same format as
> ~/tlclient.conf, and should be set with the appropriate permissions. You
> will need to set the PASSWORD parameter (see [2]) using hexadecimal
> ASCII representations of the password characters. For example, for a
> password of "foo":
>
> PASSWORD=666F6F
>
> In your case, you will probably also want to set AUTOLOGIN=1 as well as
> SERVER_NAME. The ThinLinc client can then be launched as follows:
>
> $ tlclient -C <conf_file>
We also thought about using an automatically generated config file in first place and supply it to the client, but we didn't want to generate such a file and risk seeing it being intercepted in some way. If we don't find any other problem I think our request is indeed be fulfilled with the "-P cat" solution.
>> 2) When automatically connecting to a thinlinc server by calling the
>> client with username, password and server name the client GUI always
>> pops up while trying to connect to the ThinLinc server. There is,
>> however, no option to suppress the ThinLinc client user interface
>> completely.
>
> We do in fact have a feature-request bug for this already in our tracker
> (bug #2897). It has not been implemented yet, however. If this feature
> is important to you, and you would like to make a feature request for
> it, you can send a mail to support at cendio.se and we can discuss this
> further off-list.
Thanks for pointing me to that feature request. Indeed, this feature is really somewhat important to us as popping up the thinlinc client somehow distracts the user attention. I will therefore bring up my request to support at cendio.se soon in the hope to such such a quiet option being implemented in a future client version.
best regards,
jens
--
Dr. Jens Langner
Helmholtz-Zentrum Dresden-Rossendorf
Institute of Radiopharmaceutical Cancer Research
Department of Positron Emission Tomography
POB 51 01 19, 01314 Dresden, Germany
http://www.hzdr.de/ | +49 351 260 2757
Vorstand: Prof. Dr. Dr. h. c. Roland Sauerbrey
Prof. Dr. Dr. h. c. Peter Joehnk
VR 1693 beim Amtsgericht Dresden
_______________________________________________
Thinlinc-technical mailing list
Thinlinc-technical at lists.cendio.se
http://lists.cendio.se/mailman/listinfo/thinlinc-technical
--------------------------------------------------------------------------------
_______________________________________________
Thinlinc-technical mailing list
Thinlinc-technical at lists.cendio.se
http://lists.cendio.se/mailman/listinfo/thinlinc-technical
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20130601/07ccd5a8/attachment-0007.html>
More information about the Thinlinc-technical
mailing list