Differences

This shows you the differences between two versions of the page.

--- wiki:advanced:x2gobroker:howitworks [2013/03/27 17:19]
sunweaver [How does X2Go Session Broker Work]
+++ wiki:advanced:x2gobroker:howitworks [2013/03/28 10:20]
sunweaver [Extra Security: Pre-shared Authentication ID]
@@ Line 1: / Line 1: @@
 ====== How does X2Go Session Brokerage Work ======
+//Provided by Oleksandr Shneyder, edited by Mike Gabriel//
+This is about how X2Go Client and a generic X2Go Session Broker communicate with each other. This article will quickly become rather technical.
 ===== Authentication =====
-The X2Go client can use different methods of authentication.
+X2Go Client in broker mode will authenticate twice. First, it will authenticate against the X2Go Session Broker, second, it will authenticate against one of the servers provided by the broker in form of X2Go session profiles. Dual authentication means: the user has to type his/her username and password twice.
-With an HTTP(S) broker it could be //username and password//. With an SSH broker a //SSH key authentication// can also be used.
+A gain in usability cerainly is, if one manages to reduce these two authentication requests to one. How this can be achieved will be explained further below.
+==== Authentication methods against X2Go Session Broker ====
+In general, X2Go client can use different methods for authentication against an X2Go Session Broker.
+With an HTTP(S) broker it could be //username and password//. With an SSH broker a //SSH key based authentication// is also possible.
+==== Authentication methods against provided X2Go Servers ====
+For authentication against X2Go Servers, SSH is used. With SSH you can use //username and password// authentication, SSH key authentication, GnuPG-Smartcard based authentication, etc.
 ===== Extra Security: Pre-shared Authentication ID =====
-With both types of broker (HTTP, SSH) you can use an additional parameter "authid" for verifying the trust state of an authenticating user. The authentication ID is a user defined string (like a pre-shared key) which is stored in file on the client-side.
+With both session broker types (HTTP, SSH) you can use an additional parameter ''authid''. The authentication ID is used for verifying the trust state of an authenticating user/machine. The authentication ID is a user defined string (like a pre-shared key) which is stored in a file on the client-side.
-\n
 The file path to the authentication ID has to be specified as the X2Go Client command line option ''<nowiki>--auth-id</nowiki>''.
+The usage of this feature is optional.
 ===== Don't Check User Data =====
@@ Line 55: / Line 70: @@
 </code>
-==== Sesssion Profile Format ====
+==== Session Profile Format ====
 The option keys and values are the same as in X2Go Client's configuration file (''~/.x2goclient/sessions'').
@@ Line 149: / Line 164: @@
 ==== Providing Auto-Login via SSH Keys ====
-The broker can also provide a SSH Key to client (the key in the below example has been obfuscated):
+The broker can also provide an SSH key to X2Go Client (the key in the below example has been obfuscated):
 <code perl>
@@ Line 177: / Line 192: @@
 </code>
-Providing SSH Keys can be increase usability of X2Go in several cases.
+Providing SSH keys can be increase usability of X2Go in several cases.
 It is highly recommended to transfer SSH keys only over encrypted channels (HTTPS or SSH broker).

X2Go - everywhere@home

User Tools

Site Tools

Differences

Page Tools