Revision 3b98303f docs/index.rst
| b/docs/index.rst | ||
|---|---|---|
| 18 | 18 |
* IPv4 and IPv6 support |
| 19 | 19 |
* Configurable timeout for client connections |
| 20 | 20 |
|
| 21 |
Its main use is to enable VNC clients to connect to firwalled VNC servers. |
|
| 21 |
Its main use is to enable VNC clients to connect to firewalled VNC servers.
|
|
| 22 | 22 |
|
| 23 | 23 |
It is used by `Synnefo <https://code.grnet.gr/projects/synnefo>`_ to provide |
| 24 | 24 |
users with (VNC) console access to their VMs. |
| ... | ... | |
| 26 | 26 |
Installation |
| 27 | 27 |
^^^^^^^^^^^^ |
| 28 | 28 |
|
| 29 |
snf-vncauthproxy is currently packaged only for Debian (stable / oldstable).
|
|
| 29 |
snf-vncauthproxy is currently packaged only for Debian (stable). |
|
| 30 | 30 |
|
| 31 | 31 |
You can find and install the latest version snf-vncauthproxy at Synnefo's apt |
| 32 | 32 |
repository: |
| ... | ... | |
| 37 | 37 |
|
| 38 | 38 |
| ``curl https://dev.grnet.gr/files/apt-grnetdev.pub | apt-key add -`` |
| 39 | 39 |
|
| 40 |
In case you're upgrading from an older snf-vncauthproxy version or it's the |
|
| 41 |
first time you're installing snf-vncauthproxy, you will prompted to configure |
|
| 42 |
a vncauthproxy user (see below for more information on user management). |
|
| 43 |
|
|
| 40 | 44 |
Overview |
| 41 | 45 |
^^^^^^^^ |
| 42 | 46 |
|
| 43 |
snf-vncauthproxy listens on a TCP socket for control (JSON) messages from clients.
|
|
| 44 |
The format of the control messages is: |
|
| 47 |
snf-vncauthproxy listens on a TCP socket for control (JSON) messages from |
|
| 48 |
clients. The format of the control messages is:
|
|
| 45 | 49 |
|
| 46 | 50 |
.. code-block:: console |
| 47 | 51 |
|
| ... | ... | |
| 89 | 93 |
The snf-vncauthproxy daemon can be either run manually or managed via its init |
| 90 | 94 |
script. |
| 91 | 95 |
|
| 92 |
If you're using the init script, snf-vncauthproxy reads its paramater from its
|
|
| 96 |
If you're using the init script, snf-vncauthproxy reads its options from its
|
|
| 93 | 97 |
default file (``DAEMON_OPTS`` parameter in ``/etc/default/vncauthproxy``). |
| 98 |
Refer to the vncauthproxy help output for a detailed listing and information |
|
| 99 |
on all available options: |
|
| 100 |
|
|
| 101 |
.. code-block:: console |
|
| 94 | 102 |
|
| 95 |
By default snf-vncauthproxy will listen to ``127.0.0.1:24999`` TCP, for incoming |
|
| 96 |
control connections and uses the ``25000-30000`` range for the listening / data |
|
| 97 |
sockets. |
|
| 103 |
# vncauthproxy --help |
|
| 98 | 104 |
|
| 99 |
Version 1.5 introduced replaced Unix domain control sockets with TCP |
|
| 100 |
control sockets. This change made it necessary to also introduce an |
|
| 101 |
authentication file to replace the Unix file permissions, which protected the |
|
| 102 |
domain sockets. |
|
| 105 |
By default snf-vncauthproxy will listen to ``127.0.0.1:24999`` TCP, for |
|
| 106 |
incoming control connections and uses the ``25000-30000`` range for the |
|
| 107 |
listening / data sockets. |
|
| 108 |
|
|
| 109 |
Version 1.5 replaced Unix domain control sockets with TCP control sockets. This |
|
| 110 |
change made it necessary to introduce an authentication file to replace the |
|
| 111 |
POSIX file permissions, which protected the domain sockets. |
|
| 103 | 112 |
|
| 104 | 113 |
The default path for the auth file is ``/var/lib/vncauthproxy/users`` |
| 105 | 114 |
(configurable by the ``--auth-file`` option). Each line in the file represents |
| ... | ... | |
| 108 | 117 |
|
| 109 | 118 |
.. code-block:: console |
| 110 | 119 |
|
| 111 |
user password |
|
| 112 |
user1 {cleartext}password
|
|
| 113 |
user2 {HA1}md5hash
|
|
| 120 |
username:$6$salt$hash |
|
| 121 |
|
|
| 122 |
The password part of the line (after the colon) is the output of crypt(), using |
|
| 123 |
a random 16-char salt with SHA-512. |
|
| 124 |
|
|
| 125 |
To manage the authentication file, you can use the vncauthproxy-passwd tool, |
|
| 126 |
to easily add, update and delete users: |
|
| 127 |
|
|
| 128 |
To add a user: |
|
| 129 |
|
|
| 130 |
.. code-block:: console |
|
| 131 |
|
|
| 132 |
# vncauthproxy-passwd /var/lib/vncauthproxy/users user |
|
| 133 |
|
|
| 134 |
You will be prompted for a password. |
|
| 114 | 135 |
|
| 115 |
The Debian package provides an example users file. |
|
| 136 |
To delete a user: |
|
| 137 |
|
|
| 138 |
.. code-block:: console |
|
| 139 |
|
|
| 140 |
# vncauthproxy-passwd -D /var/lib/vncauthproxy/users user |
|
| 141 |
|
|
| 142 |
See the help output of the tool for more options: |
|
| 143 |
|
|
| 144 |
.. code-block:: console |
|
| 145 |
|
|
| 146 |
# vncauthproxy-passwd -h |
|
| 147 |
|
|
| 148 |
.. warning:: The vncauthproxy daemon requires a restart for the changes in the |
|
| 149 |
authentication file to take effect. |
|
| 150 |
|
|
| 151 |
.. warning:: After installing snf-vncauthproxy for the fist time, make sure |
|
| 152 |
that you create a valid authentication file and define any users needed. The |
|
| 153 |
vncauthproxy daemon will start but will not be usable if no users are defined |
|
| 154 |
or if no authentication file is present. |
|
| 116 | 155 |
|
| 117 | 156 |
Version 1.5 introduced also support for SSL for the control socket. If you |
| 118 | 157 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you wil |
| ... | ... | |
| 161 | 200 |
snf-cyclades-app can connect to the snf-vncauthproxy on the listening address / |
| 162 | 201 |
port. It's also recommended to enable SSL on the control socket in that case. |
| 163 | 202 |
|
| 164 |
.. include:: changelog.rst |
|
| 203 |
Changelog |
|
| 204 |
^^^^^^^^^ |
|
| 205 |
|
|
| 206 |
* v1.5 :ref:`Changelog <Changelog-1.5>` |
|
| 207 |
|
|
| 208 |
Upgrade notes |
|
| 209 |
^^^^^^^^^^^^^ |
|
| 210 |
|
|
| 211 |
.. toctree:: |
|
| 212 |
:maxdepth: 1 |
|
| 165 | 213 |
|
| 166 |
.. include:: upgrade.rst
|
|
| 214 |
v1.4 -> v1.5 <upgrade/upgrade-1.5.rst>
|
|
| 167 | 215 |
|
| 168 | 216 |
Contact |
| 169 | 217 |
^^^^^^^ |
Also available in: Unified diff