doc:installation:x2gobroker

Differences

This shows you the differences between two versions of the page.

doc:installation:x2gobroker [2013/05/12 21:05]
sunweaver [X2Go Session Broker Config]
doc:installation:x2gobroker [2013/05/12 21:50]
sunweaver
Line 42: Line 42:
   * [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=blob_plain;f=etc/x2gobroker-wsgi.apache.vhost|X2Go Session Broker WSGI support as VirtualHost]]   * [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=blob_plain;f=etc/x2gobroker-wsgi.apache.vhost|X2Go Session Broker WSGI support as VirtualHost]]
  
 +
 +
 +===== X2Go Session Broker Authentication Service =====
 +
 +Package name: '''x2gobroker-authservice'''
 +
 +On Debian based systems:
 +
 +<code bash>
 +$ sudo apt-get install x2gobroker-authservice
 +</code>
 +
 +The X2Go Session Broker Authentication Service normally gets installed on the machine that also has ''x2gobroker-daemon'' or ''x2gobroker-wsgi'' installed. The broker code itself runs as system user ''x2gobroker'' whereas the authentication service has to run as root. By security design, the functionality of the broker that requires root privileges has been separated from the rest of the broker.
 +
 +The X2Go Session Broker Authentication Service requires root privileges for a few PAM based authentication backends. The default installation authenticates against PAM, on default Linux systems, PAM authentication (''pam_unix.so'') requires root privileges by the authentication process.
 +
 +With other PAM setups (e.g. ''pam_ldap.so'') root privileges are not required and it is ok to not install ''x2gobroker-authservice''.
 +
 +Furthermore, X2Go Session Broker can be extended by other (non-PAM) authentication methods. The currently available authentication mechanisms in X2Go Session Broker are listed [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=tree;f=x2gobroker/authmechs|here]].
 +
 +===== X2Go Session Broker Agent =====
 +
 +Package name: '''x2gobroker-agent'''
 +
 +On Debian based systems:
 +
 +<code bash>
 +$ sudo apt-get install x2gobroker-agent
 +</code>
 +
 +Installing X2Go Session Broker Agent is optional. The broker agent has to be intalled on machines that are in the roll of an X2Go Server (i.e. in the role of a terminal server running X2Go).
 +
 +**Note:** Furthermore, the X2Go Session Broker Agent gets installed setuid root (group: x2gobroker system group, permissions: 0750). System administrators should be aware of this. If someone hacks the x2gobroker user account on one of your X2Go Servers, this hacker can then execute certain X2Go related commands with root privileges on the X2Go Server system.
 +
 +The broker agent is the man-in-the-middle between X2Go Session Broker and the X2Go Server(s) that the session broker provides. Through the X2Go Session Broker Agent the broker core can obtain information on provided X2Go Servers for all users on that server host. 
 +
 +The current functionalities of the broker agent are:
 +
 +  * list user sessions of any user
 +  * deploy SSH public keys on behalf of any user
 +  * drop SSH public keys on behalf of any user
 +  * render an ordered list of X2Go Servers and their usage (by number of running/suspended sessions), only needed in load balancing setups
 +  * suspend sessions on behalf of any user
 +  * render a list of used X2Go Servers
 +  * (more to come...)
  
 ===== X2Go Session Broker: Backends and Frontends ===== ===== X2Go Session Broker: Backends and Frontends =====
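Review bot: in the note under "X2Go Session Broker Agent", "setuid root" and "permissions: 0750" do not agree, because a mode written as 0750 carries no setuid bit; a setuid binary with owner rwx and group r-x shows up as 4750, so the note should give the full mode administrators will actually see when they audit the file. The same note says a compromised x2gobroker account can run "certain X2Go related commands" as root; referring to the functionality list a few lines further down (list sessions, deploy and drop SSH public keys, suspend sessions, each "on behalf of any user") would make the exposure concrete. Smaller points in this section: "intalled" and "in the roll of" are typos for "installed" and "in the role of", "Installing X2Go Session Broker Agent is optional" is followed directly by "has to be intalled", which reads as a contradiction unless the first sentence is scoped to the broker host, and "man-in-the-middle" is an unfortunate term for an intermediary on a page that discusses root privileges.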
Line 66: Line 111:
   * The '''plain''' WebUI frontend: usable with X2Go Client   * The '''plain''' WebUI frontend: usable with X2Go Client
   * The '''uccs''' WebUI frontend: usable with Unity Greeter (experimental)   * The '''uccs''' WebUI frontend: usable with Unity Greeter (experimental)
- 
- 
-===== X2Go Session Broker Authentication Service ===== 
- 
-Package name: '''x2gobroker-authservice''' 
- 
-On Debian based systems: 
- 
-<code bash> 
-$ sudo apt-get install x2gobroker-authservice 
-</code> 
- 
-The X2Go Session Broker Authentication Service normally gets installed on the machine that also has ''x2gobroker-daemon'' or ''x2gobroker-wsgi'' installed. The broker code itself runs as system user ''x2gobroker'' whereas the authentication service has to run as root. By security design, the functionality of the broker that requires root privileges has been separated from the rest of the broker. 
- 
-The X2Go Session Broker Authentication Service requires root privileges for a few PAM based authentication backends. The default installation authenticates against PAM, on default Linux systems, PAM authentication (''pam_unix.so'') requires root privileges by the authentication process. 
- 
-With other PAM setups (e.g. ''pam_ldap.so'') root privileges are not required and it is ok to not install ''x2gobroker-authservice''. 
- 
-Furthermore, X2Go Session Broker can be extended by other (non-PAM) authentication methods. The currently available authentication mechanisms in X2Go Session Broker are listed [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=tree;f=x2gobroker/authmechs|here]]. 
  
 ===== Setting up Config Files ===== ===== Setting up Config Files =====
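Review bot: the 21:50 revision shows no edit summary, and the Authentication Service section removed here is the same text that the Line 42 hunk adds, so a summary stating that the section was moved ahead of "Backends and Frontends" would save readers from comparing the two blocks line by line. Because the text moved unchanged, the run-on in "The default installation authenticates against PAM, on default Linux systems, PAM authentication (''pam_unix.so'') requires root privileges by the authentication process" came along with it; splitting it after "against PAM" would make the reason the service runs as root easier to read.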
doc/installation/x2gobroker.txt · Last modified: 2023/03/27 15:22 by gratuxri