Revision 3b98303f docs/index.rst
b/docs/index.rst | ||
---|---|---|
18 | 18 |
* IPv4 and IPv6 support |
19 | 19 |
* Configurable timeout for client connections |
20 | 20 |
|
21 |
Its main use is to enable VNC clients to connect to firwalled VNC servers. |
|
21 |
Its main use is to enable VNC clients to connect to firewalled VNC servers.
|
|
22 | 22 |
|
23 | 23 |
It is used by `Synnefo <https://code.grnet.gr/projects/synnefo>`_ to provide |
24 | 24 |
users with (VNC) console access to their VMs. |
... | ... | |
26 | 26 |
Installation |
27 | 27 |
^^^^^^^^^^^^ |
28 | 28 |
|
29 |
snf-vncauthproxy is currently packaged only for Debian (stable / oldstable).
|
|
29 |
snf-vncauthproxy is currently packaged only for Debian (stable). |
|
30 | 30 |
|
31 | 31 |
You can find and install the latest version snf-vncauthproxy at Synnefo's apt |
32 | 32 |
repository: |
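Review bot: "Debian (stable)" on new line 29 will go stale as soon as the stable release changes, so consider naming the release the package is actually built for. While this paragraph is being touched, the unchanged line 31 reads "the latest version snf-vncauthproxy" and is missing "of".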
... | ... | |
37 | 37 |
|
38 | 38 |
| ``curl https://dev.grnet.gr/files/apt-grnetdev.pub | apt-key add -`` |
39 | 39 |
|
40 |
In case you're upgrading from an older snf-vncauthproxy version or it's the |
|
41 |
first time you're installing snf-vncauthproxy, you will prompted to configure |
|
42 |
a vncauthproxy user (see below for more information on user management). |
|
43 |
|
|
40 | 44 |
Overview |
41 | 45 |
^^^^^^^^ |
42 | 46 |
|
43 |
snf-vncauthproxy listens on a TCP socket for control (JSON) messages from clients.
|
|
44 |
The format of the control messages is: |
|
47 |
snf-vncauthproxy listens on a TCP socket for control (JSON) messages from |
|
48 |
clients. The format of the control messages is:
|
|
45 | 49 |
|
46 | 50 |
.. code-block:: console |
47 | 51 |
|
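Review bot: The paragraph added at new lines 40-42 says "you will prompted to configure", which is missing "be". The condition "upgrading from an older snf-vncauthproxy version or it's the first time you're installing" covers nearly every install, so it could be shortened to say that the package prompts for a vncauthproxy user on install or upgrade. "See below" would be more robust as a cross-reference to the user management text.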
... | ... | |
89 | 93 |
The snf-vncauthproxy daemon can be either run manually or managed via its init |
90 | 94 |
script. |
91 | 95 |
|
92 |
If you're using the init script, snf-vncauthproxy reads its paramater from its
|
|
96 |
If you're using the init script, snf-vncauthproxy reads its options from its
|
|
93 | 97 |
default file (``DAEMON_OPTS`` parameter in ``/etc/default/vncauthproxy``). |
98 |
Refer to the vncauthproxy help output for a detailed listing and information |
|
99 |
on all available options: |
|
100 |
|
|
101 |
.. code-block:: console |
|
94 | 102 |
|
95 |
By default snf-vncauthproxy will listen to ``127.0.0.1:24999`` TCP, for incoming |
|
96 |
control connections and uses the ``25000-30000`` range for the listening / data |
|
97 |
sockets. |
|
103 |
# vncauthproxy --help |
|
98 | 104 |
|
99 |
Version 1.5 introduced replaced Unix domain control sockets with TCP |
|
100 |
control sockets. This change made it necessary to also introduce an |
|
101 |
authentication file to replace the Unix file permissions, which protected the |
|
102 |
domain sockets. |
|
105 |
By default snf-vncauthproxy will listen to ``127.0.0.1:24999`` TCP, for |
|
106 |
incoming control connections and uses the ``25000-30000`` range for the |
|
107 |
listening / data sockets. |
|
108 |
|
|
109 |
Version 1.5 replaced Unix domain control sockets with TCP control sockets. This |
|
110 |
change made it necessary to introduce an authentication file to replace the |
|
111 |
POSIX file permissions, which protected the domain sockets. |
|
103 | 112 |
|
104 | 113 |
The default path for the auth file is ``/var/lib/vncauthproxy/users`` |
105 | 114 |
(configurable by the ``--auth-file`` option). Each line in the file represents |
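Review bot: New lines 109-111 say the authentication file takes over from the POSIX permissions that protected the domain sockets, but nothing visible in this hunk says what owner or mode the file at /var/lib/vncauthproxy/users should have. Since the access control for the control port on 127.0.0.1:24999 now rests on that file, a sentence on its expected permissions would help, unless the lines elided after 114 already cover it. Minor wording: "listen to ``127.0.0.1:24999`` TCP, for incoming" at new lines 105-106 reads better as "listen on ... (TCP) for incoming".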
... | ... | |
108 | 117 |
|
109 | 118 |
.. code-block:: console |
110 | 119 |
|
111 |
user password |
|
112 |
user1 {cleartext}password |
|
113 |
user2 {HA1}md5hash |
|
120 |
username:$6$salt$hash |
|
121 |
|
|
122 |
The password part of the line (after the colon) is the output of crypt(), using |
|
123 |
a random 16-char salt with SHA-512. |
|
124 |
|
|
125 |
To manage the authentication file, you can use the vncauthproxy-passwd tool, |
|
126 |
to easily add, update and delete users: |
|
127 |
|
|
128 |
To add a user: |
|
129 |
|
|
130 |
.. code-block:: console |
|
131 |
|
|
132 |
# vncauthproxy-passwd /var/lib/vncauthproxy/users user |
|
133 |
|
|
134 |
You will be prompted for a password. |
|
114 | 135 |
|
115 |
The Debian package provides an example users file. |
|
136 |
To delete a user: |
|
137 |
|
|
138 |
.. code-block:: console |
|
139 |
|
|
140 |
# vncauthproxy-passwd -D /var/lib/vncauthproxy/users user |
|
141 |
|
|
142 |
See the help output of the tool for more options: |
|
143 |
|
|
144 |
.. code-block:: console |
|
145 |
|
|
146 |
# vncauthproxy-passwd -h |
|
147 |
|
|
148 |
.. warning:: The vncauthproxy daemon requires a restart for the changes in the |
|
149 |
authentication file to take effect. |
|
150 |
|
|
151 |
.. warning:: After installing snf-vncauthproxy for the fist time, make sure |
|
152 |
that you create a valid authentication file and define any users needed. The |
|
153 |
vncauthproxy daemon will start but will not be usable if no users are defined |
|
154 |
or if no authentication file is present. |
|
116 | 155 |
|
117 | 156 |
Version 1.5 introduced also support for SSL for the control socket. If you |
118 | 157 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you wil |
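Review bot: The format example at new line 120 replaces the old "user password", "{cleartext}" and "{HA1}" forms (old lines 111-113) without saying whether an existing users file in those forms is still accepted or has to be regenerated with vncauthproxy-passwd. A short sentence here pointing to the upgrade notes would settle that. The same hunk drops "The Debian package provides an example users file." (old line 115) while the new warning at 151-154 says the daemon is unusable without a file, so it is worth stating explicitly that the file must be created with the tool. Typo at new line 151: "fist time" should be "first time".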
... | ... | |
161 | 200 |
snf-cyclades-app can connect to the snf-vncauthproxy on the listening address / |
162 | 201 |
port. It's also recommended to enable SSL on the control socket in that case. |
163 | 202 |
|
164 |
.. include:: changelog.rst |
|
203 |
Changelog |
|
204 |
^^^^^^^^^ |
|
205 |
|
|
206 |
* v1.5 :ref:`Changelog <Changelog-1.5>` |
|
207 |
|
|
208 |
Upgrade notes |
|
209 |
^^^^^^^^^^^^^ |
|
210 |
|
|
211 |
.. toctree:: |
|
212 |
:maxdepth: 1 |
|
165 | 213 |
|
166 |
.. include:: upgrade.rst
|
|
214 |
v1.4 -> v1.5 <upgrade/upgrade-1.5.rst>
|
|
167 | 215 |
|
168 | 216 |
Contact |
169 | 217 |
^^^^^^^ |
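Review bot: The ":ref:" at new line 206 needs a "Changelog-1.5" label defined in a document that Sphinx builds, and this view only shows docs/index.rst; with the ".. include:: changelog.rst" at old line 164 removed, please confirm the label and the changelog document are part of the same change, otherwise the link will not resolve. In the toctree at new line 214, entries are conventionally written without the file suffix, so "upgrade/upgrade-1.5" would be the usual form instead of "upgrade/upgrade-1.5.rst".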