This shows you the differences between two versions of the page.
wiki:advanced:x2gobroker:howitworks [2013/03/27 17:29] sunweaver [Authentication] |
wiki:advanced:x2gobroker:howitworks [2013/03/28 10:31] sunweaver [Generic function: listSessions] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== How does X2Go Session Brokerage Work ====== | ====== How does X2Go Session Brokerage Work ====== | ||
- | This is about how X2Go Client and a generic X2Go Session Broker communicate with each other. | + | //Provided by Oleksandr Shneyder, edited by Mike Gabriel// |
- | Note: This article | + | This is about how X2Go Client and a generic X2Go Session Broker communicate with each other. This article will quickly become |
===== Authentication ===== | ===== Authentication ===== | ||
- | The X2Go client can use different methods of authentication | + | X2Go Client in broker mode will authenticate twice. First, it will authenticate |
- | With an HTTP(S) broker it could be //username and password//. With an SSH broker a //SSH key authentication// can also be used. | + | A gain in usability cerainly is, if one manages to reduce these two authentication |
+ | ==== Authentication methods against X2Go Session Broker ==== | ||
+ | |||
+ | In general, X2Go client can use different methods for authentication against an X2Go Session Broker. | ||
+ | |||
+ | With an HTTP(S) broker it could be //username and password//. With an SSH broker a //SSH key based authentication// | ||
+ | |||
+ | ==== Authentication methods against provided X2Go Servers ==== | ||
+ | |||
+ | For authentication against X2Go Servers, SSH is used. With SSH you can use //username and password// authentication, | ||
===== Extra Security: Pre-shared Authentication ID ===== | ===== Extra Security: Pre-shared Authentication ID ===== | ||
- | With both types of broker | + | With both session broker |
- | \n | + | |
The file path to the authentication ID has to be specified as the X2Go Client command line option ''< | The file path to the authentication ID has to be specified as the X2Go Client command line option ''< | ||
+ | |||
+ | The usage of this feature is optional. | ||
===== Don't Check User Data ===== | ===== Don't Check User Data ===== | ||
- | In some setups it can make sense to give access to the X2Go Session Broker without authentication. | + | In some setups it can make sense to give access to the X2Go Session Broker without authentication. |
+ | |||
+ | __Example: | ||
When implementing your own session broker, you can configure the broker not to check the username (and password) at all. This is only possible with HTTP based brokers. | When implementing your own session broker, you can configure the broker not to check the username (and password) at all. This is only possible with HTTP based brokers. | ||
- | With SSH based X2Go Session Broker implementations, | + | With SSH based X2Go Session Broker implementations, |
===== Granting Access to the Broker ===== | ===== Granting Access to the Broker ===== | ||
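Review bot: the added Authentication line beginning "A gain in usability cerainly is" carries a typo ("cerainly" for "certainly") and is hard to parse; lead with the subject, for example "Usability improves if ...". The added subsection text also writes "X2Go client" where the rest of the page uses "X2Go Client", so settle on one capitalization.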
Line 65: | Line 78: | ||
The only difference occurs in the parameters '' | The only difference occurs in the parameters '' | ||
- | Furthermore, | + | Furthermore, |
=== The session profile option: host === | === The session profile option: host === | ||
Line 72: | Line 85: | ||
In load balancing setups, the best server will be | In load balancing setups, the best server will be | ||
- | chosen after selection of a session profile. Once the best server has been detected, it is sent to X2Go Client and X2Go Client | + | chosen after selection of a session profile. Once the best server has been detected, it is sent to X2Go Client and X2Go Client |
+ | |||
+ | When resuming an X2Go session, the broker will know the server that runs the suspended session and return that one, so that the user can continue his/her earlier session. | ||
=== The session profile option: key === | === The session profile option: key === | ||
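Review bot: the added sentence on resuming says the broker "will know the server that runs the suspended session" but does not relate this to the load-balancing choice described directly above it. If the recorded server is meant to take precedence over the "best server" selection when a suspended session exists, say so explicitly in this paragraph.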
Line 85: | Line 100: | ||
=== The session profile option: usebrokerpass === | === The session profile option: usebrokerpass === | ||
- | The parameter '' | + | The parameter '' |
This can be useful if the X2Go Session Broker and the X2Go Server use the same authentication server (e.g. same LDAP db) and there is no need to ask the same password twice. | This can be useful if the X2Go Session Broker and the X2Go Server use the same authentication server (e.g. same LDAP db) and there is no need to ask the same password twice. | ||
- | It is not recommended to use such authentication | + | It is highly |
=== The session profile option: status === | === The session profile option: status === | ||
Line 99: | Line 114: | ||
===== Selecting a Session Profile ===== | ===== Selecting a Session Profile ===== | ||
- | After login to the X2Go Session Broker a list of provided session profiles is shown in X2Go Client. The user can now choose one session profile from this list. The ID of chosen session profile will be sent to the broker and the broker sends the connection data back to X2Go Client. | + | After login to the X2Go Session Broker a list of provided session profiles is shown in X2Go Client. The user can now choose one session profile from this list. The ID of the chosen session profile will be sent to the session |
==== Generic function: listSessions ==== | ==== Generic function: listSessions ==== | ||
- | This is a generic example for the "selectSession" function in a Perl based X2Go Session Broker: | + | This is a generic example for the "listSessions" function in a Perl based X2Go Session Broker: |
<code perl> | <code perl> | ||
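Review bot: the intro line now names the function "listSessions" where it previously said "selectSession", yet the paragraph just above it in "Selecting a Session Profile" describes sending the chosen profile ID and receiving connection data, which is selection rather than listing. Check that the heading, this intro line and the Perl block that follows all refer to the same function, and move the example under the matching section if they do not.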
Line 153: | Line 168: | ||
==== Providing Auto-Login via SSH Keys ==== | ==== Providing Auto-Login via SSH Keys ==== | ||
- | The broker can also provide | + | The broker can also provide |
<code perl> | <code perl> | ||
Line 181: | Line 196: | ||
</ | </ | ||
- | Providing SSH Keys can be increase usability of X2Go in several cases. | + | Providing SSH keys can be increase usability of X2Go in several cases. |
It is highly recommended to transfer SSH keys only over encrypted channels (HTTPS or SSH broker). | It is highly recommended to transfer SSH keys only over encrypted channels (HTTPS or SSH broker). |
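Review bot: the changed line still reads "can be increase usability"; only the capitalization of "keys" was touched, so correct it to "can increase usability" in the same edit. Because this section is about the broker handing SSH keys to the client, consider stating the encrypted-channel condition (HTTPS or SSH broker) in the final sentence as a requirement rather than a recommendation.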