[FreeNX-kNX] Re: got: "cannot create directory `/home/.nx'"
Rick Stout
zipsonic at gmail.com
Thu Oct 21 23:47:47 UTC 2004
Rick Stout wrote:
> Jean-Eric, I want to take a stab at your questions.
>
> Jean-Eric Cuendet wrote:
>
>>
>>> Think of this: You could of course devise an NX architecture which
>>> does all this under the name of the respective NX end user. But it
>>> would be more complicated for this end user, no? But would it be more
>>> secure, by not using this "semi-public" nomachine-key? After all,
>>> this is how we all log into remote machines.
>>
>>
> This, I believe, should be an end goal.
>
>>
>> 2 questions Kurt,
>> Do you know what will happen if the NX user is compromised? Will he
>> authorize more than what the nx user owns? I mean, does he contain ssh
>> keys to log to certain users? Or not?
>>
> If the nx user is compromised and somehow obtained a normal shell, the
> file /etc/nxserver/users.id_dsa would allow a user to logon as any user
> that had previously logged on with nx.
>
>> And another one: Why couldn't we open an SSH session to the end user
>> (not the nx user) and passing a command to execute like :
>> "/usr/bin/nxserver" or "/usr/bin/nxnode" or something like that? Would
>> it work?
>>
> It is possible to do this. The commands are all listed in nxnode, and I
> know i've seen a HOWTO somewhere on this (can't find it at the moment,
> but its late, and I really need some sleep). The only problem with this
> is that you could not use the !M client to logon using that method.
Found it! This document should get you started:
http://www.nomachine.com/documentation/html/building-components.html
>
>> -jec
>> _______________________________________________
>> FreeNX-kNX mailing list
>> FreeNX-kNX at kde.org
>> https://mail.kde.org/mailman/listinfo/freenx-knx
>>
>>
>>
> _______________________________________________
> FreeNX-kNX mailing list
> FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
>
>
>
More information about the FreeNX-kNX
mailing list