User Tools

Site Tools


wiki:advanced:x2gobroker:howitworks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
wiki:advanced:x2gobroker:howitworks [2013/03/28 10:22]
sunweaver [Don't Check User Data]
wiki:advanced:x2gobroker:howitworks [2013/03/28 10:46] (current)
sunweaver [How does X2Go Session Brokerage Work]
Line 1: Line 1:
-====== How does X2Go Session Brokerage Work ======+====== How does X2Go Session Brokerage Work======
  
 //Provided by Oleksandr Shneyder, edited by Mike Gabriel// //Provided by Oleksandr Shneyder, edited by Mike Gabriel//
Line 78: Line 78:
 The only difference occurs in the parameters ''​host=<​hostname>''​ and ''​key=<​keyfile>''​. ​ The only difference occurs in the parameters ''​host=<​hostname>''​ and ''​key=<​keyfile>''​. ​
  
-Furthermore,​ there are two parameters that are not supported in the ''​sessions''​ file, but are only functional ​when X2Go Client is in broker mode: ''​status=<​status>​''​ and ''​usebrokerpass={true,​false}''​.+Furthermore,​ there are two extra parameters that are not supported in the ''​sessions''​ file, but have a special functionality ​when X2Go Client is run in broker mode: ''​status={R,S}''​ and ''​usebrokerpass={true,​false}''​.
  
 === The session profile option: host === === The session profile option: host ===
Line 85: Line 85:
  
 In load balancing setups, the best server will be In load balancing setups, the best server will be
-chosen after selection of a session profile. Once the best server has been detected, it is sent to X2Go Client and X2Go Client ​use the best server'​s hostname for authentication and session startup. When resuming an X2Go session, the broker will know the server that runs the suspended session and return that one, so that the user can continue his/her earlier session.+chosen after selection of a session profile. Once the best server has been detected, it is sent to X2Go Client and X2Go Client ​uses this best server'​s hostname for authentication and session startup. 
 + 
 +When resuming an X2Go session, the broker will know the server that runs the suspended session and return that one, so that the user can continue his/her earlier session.
  
 === The session profile option: key === === The session profile option: key ===
Line 98: Line 100:
 === The session profile option: usebrokerpass === === The session profile option: usebrokerpass ===
  
-The parameter ''​usebrokerpass={true,​false}''​ is used to denote that requesting the user password for this session is not necessary, but that the X2Go Client should rather use the broker password instead. ​+The parameter ''​usebrokerpass={true,​false}''​ is used to denote that requesting the user password for this session is not necessary, but that the X2Go Client should rather use the broker's //username and password// tuple instead. ​
  
 This can be useful if the X2Go Session Broker and the X2Go Server use the same authentication server (e.g. same LDAP db) and there is no need to ask the same password twice. ​ This can be useful if the X2Go Session Broker and the X2Go Server use the same authentication server (e.g. same LDAP db) and there is no need to ask the same password twice. ​
  
-It is not recommended to use such authentication ​with an HTTP Broker without ​SSL encryption.+It is highly ​recommended to only use this feature on HTTPS brokers (i.e. with SSL encryption ​for the X2Go Client <-> X2Go Session Broker communication) or SSH brokers.
  
 === The session profile option: status === === The session profile option: status ===
Line 112: Line 114:
 ===== Selecting a Session Profile ===== ===== Selecting a Session Profile =====
  
-After login to the X2Go Session Broker a list of provided session profiles is shown in X2Go Client. The user can now choose one session profile from this list. The ID of chosen session profile will be sent to the broker and the broker sends the connection data back to X2Go Client. ​+After login to the X2Go Session Broker a list of provided session profiles is shown in X2Go Client. The user can now choose one session profile from this list. The ID of the chosen session profile will be sent to the session ​broker and the broker sends the connection data back to X2Go Client. ​
  
  
-==== Generic function: ​listSessions ​====+==== Generic function: ​selectSessions ​====
  
 This is a generic example for the "​selectSession"​ function in a Perl based X2Go Session Broker: This is a generic example for the "​selectSession"​ function in a Perl based X2Go Session Broker:
Line 136: Line 138:
 If no other data is specified, a new X2Go session will be created. If no other data is specified, a new X2Go session will be created.
  
-The X2Go Session Broker can also send information back to client, that tells the client to resume a suspend session.+The X2Go Session Broker can also send information back to X2Go Client, that tells the client to resume a suspend session.
  
-In this case the X2Go Session Broker ​should also send a session information to X2Go Client ​(one of those lines as returned by the X2Go Server command x2golistsessions):+In the code example below, additionally to the X2Go Server hostname, ​X2Go Session Broker ​sends a session information ​line to X2Go Client. This session information line looks just the same as one of those lines that get returned by the X2Go Server command ​''​x2golistsessions''​:
 <code perl> <code perl>
 sub selectSession sub selectSession
Line 160: Line 162:
 ==== No Auto-Resuming of Sessions ==== ==== No Auto-Resuming of Sessions ====
  
-If X2Go Client is running in broker mode, it will not verify if there are existing sessions on X2Go Server. ​+If X2Go Client is running in broker mode, it will not verify if there are existing sessions on the targeted ​X2Go Server. ​
  
-It is the responsibility of the X2Go Session Broker. The X2Go Broker should also suspend sessions before providing session data to client ​if a session is still/​already running.+Checking for running/​suspended sessions ​is the responsibility of the X2Go Session Broker. The X2Go Session ​Broker should also suspend sessions before providing session data to X2Go Client ​if a candidate ​session is still/​already running.
  
 ==== Providing Auto-Login via SSH Keys ==== ==== Providing Auto-Login via SSH Keys ====
Line 194: Line 196:
 </​code>​ </​code>​
  
-Providing SSH keys can be increase usability ​of X2Go in several cases.+Providing SSH keys for X2Go Server sessions ​can be another mechanism ​of increasing usability (i.e. reducing the two authentication steps to one, see above).
  
 It is highly recommended to transfer SSH keys only over encrypted channels (HTTPS or SSH broker). ​ It is highly recommended to transfer SSH keys only over encrypted channels (HTTPS or SSH broker). ​
  
-It is also recommended to transfer ​only temporary ​keys, which should be removed from ''​authorized_keys''​ directly ​after successful authentication ​to X2Go server.+It is also recommended to only transfer a temporary ​key, which gets removed from the X2Go Server immediately ​after successful authentication ​against the X2Go server.
  
  
wiki/advanced/x2gobroker/howitworks.1364466175.txt.gz · Last modified: 2013/03/28 10:22 by sunweaver