[Thinlinc-technical] Forcing sessions for some users to certain agent hosts
Samuel Mannehed
samuel at cendio.se
Tue May 5 12:40:05 CEST 2015
Hi again Philippe,
> I don't have users defined on the Master, still I am able to login
> into the first Agent, is this as designed ?
No this is not possible, you must be misunderstanding something. If
you are running a ThinLinc cluster with multiple agent machines, the
users authenticate firstly towards the master and secondly to the
selected agent when logging in. Your master must find the user in order
for the login to a ThinLinc session to work.
Are you maybe running both the agent and the master on the same machine
and connecting to that?
And Rob:
> I understood that it's only the agent who needs to be able to
> authenticate users.
No, both the master and the agent are required to authenticate the
users.
This is the order of things happening when a user logs in:
* The ThinLinc client tries to authenticate with the user information
through a new SSH tunnel to the master.
* Upon successful authentication the master gives information about
potential existing sessions or starts a new session on an agent
server and gives information about that.
* The master sends information about the agent server that was
selected. The agent server is selected based on load balancing or
explicit_agentselection.
* The client closes the SSH tunnel to the master and opens a SSH tunnel
to the correct agent.
* The client tries to authenticate with the user information to the
agent through the tunnel.
* Upon successful authentication ports are opened on for VNC and local
devices, and the VNC viewer is started.
I hope this clears things up.
Regards,
--
Samuel Mannehed ThinLinc Developer
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600 https://plus.google.com/+CendioThinLinc
More information about the Thinlinc-technical
mailing list