[FreeNX-kNX] FreeNX Security Model Challenge

Mon Jul 11 16:51:39 UTC 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Mittwoch, 15. Juni 2005 11:08 schrieb Paul van der Vlis:

> It opens a door with a very secure lock (SSH) to a door with a less
> tested lock (FreeNX).

Yes, but the alternative would be to do it the Microsoft way:

Let FreeNX run as root.

... Wait thats a bit more insecure, isn't it?

Ok,

here is a challenge for you.

Make a concept, which is:

- - As secure as SSH
        * In FreeNX _almost_ reached.
        * Key is protected from using port-forwarding / ...
        * nxserver shell was audited by SuSE Security Team.

- - Allows central secure session management
        * Possible in FreeNX since day 0,5.

- - Allows load balancing
        * Possible in FreeNX 0.5.0.

- - Allows NX sessions only (possibly via KDE KIOSK, where you never see a
shell)
        * Possible In FreeNX since day 0,5.

- - Allows usage of public keys / smart cards / ...
        * I've recently proven that its possible with the current model.

- - Is easy to setup
        * This means no Kerberos infrastructure as dependancy for example.
        * FreeNX is _almost_ easy to setup once you've understood the key/SSH
hassles.

If you provide me with such an architecture, I'll upgrade FreeNX to support it
asap. (If not, please shutup asap about the flaws of the current model)

cu

Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC0qOdI0lSH7CXz7MRAqLkAJ9Wxz944EouHUZSJza3ZvY23gNPaQCdH+d9
D53QjyppnKwK3Mu+n9F6ncE=
=SPjO
-----END PGP SIGNATURE-----