From Fedora Project Wiki

Revision as of 13:24, 8 December 2010 by Atkac

Feature Name TigerVNC 1.1

Summary

TigerVNC 1.1 will be the next major release. It contains a number of new features, notably VeNCrypt support, which allows VNC traffic to be encrypted via TLS (and to use X.509 certificates), and PAM integration.

Owner

  • Email: atkac redhat com

Current status

  • Targeted release: Fedora 15
  • Last updated: 2010-Dec-08
  • Percentage of completion: 70%

Detailed Description

The main goal is to add encryption support to the widely used VNC software: the Xvnc server and vncviewer. Another goal is to add PAM support to Xvnc, which allows fine-grained authentication configuration.

Benefit to Fedora

Remote desktop can finally be used over insecure networks.

Scope

TigerVNC upstream developers have to complete the 1.1 release in time.

How To Test

1. Compatibility

  • run "vncserver :1" and try to connect with various clients (vncviewer, vinagre)

2. Encryption with anonymous certificates

  • run "vncserver :1"
  • start vncviewer, select "Options" and set "Session encryption" to "TLS with anonymous certificates"
  • try to connect to the server

3. Encryption with X.509 certificates

  • set up X.509 certificates for the server and client (see http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html for more info, for example)
  • start vncserver with the "-x509key <path> -x509cert <path>" parameters. The first is the private key of the X.509 certificate in PEM format and the second is the X.509 certificate itself
  • start vncviewer, select "Options", set "Session encryption" to "TLS with X509 certificates" and load the proper CA file

4. PAM support - will be updated
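
One way to prepare and sanity-check the files for step 3 above, as an added example that is not part of the original feature page. It uses the openssl command line rather than the GnuTLS tools the page links to; the file names, the CA name and the host name vnc.example.test are assumptions.

```shell
# Added example, not from the wiki page. File names, the CA name and the
# host name vnc.example.test are assumptions made for this sketch.

make_vnc_pki() {   # usage: make_vnc_pki <dir> <server-hostname>
    local dir=$1 host=$2
    mkdir -p "$dir" || return 1
    ( cd "$dir" && umask 077 &&
      # 1. Self-signed test CA; ca.pem is the "CA file" loaded in vncviewer.
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=Test VNC CA" -keyout ca-key.pem -out ca.pem 2>/dev/null &&
      # 2. Server private key and certificate signing request.
      openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
          -keyout server-key.pem -out server.csr 2>/dev/null &&
      # 3. The CA signs the request; the result is what -x509cert points at.
      openssl x509 -req -in server.csr -CA ca.pem -CAkey ca-key.pem \
          -CAcreateserial -days 365 -out server-cert.pem 2>/dev/null )
}

check_vnc_pki() {  # usage: check_vnc_pki <ca> <cert> <key>
    # returns 0 = usable, 1 = cert does not chain to CA, 2 = key/cert mismatch
    local ca=$1 cert=$2 key=$3 a b
    # The certificate must chain to the CA the viewer is going to trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # The private key must belong to the certificate: compare public keys.
    a=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    b=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$a" = "$b" ] || return 2
}

# Demo: build the files in a scratch directory, check them, and print the
# server command line using the parameters named in step 3.
demo=$(mktemp -d) && make_vnc_pki "$demo" vnc.example.test &&
check_vnc_pki "$demo/ca.pem" "$demo/server-cert.pem" "$demo/server-key.pem" &&
echo "vncserver :1 -x509key $demo/server-key.pem -x509cert $demo/server-cert.pem"
```

Only ca.pem needs to be copied to the viewer side; ca-key.pem and server-key.pem stay private. Unlike the anonymous mode in step 2, this lets the viewer verify which server it is talking to, which is why the CA file has to be loaded.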

User Experience

Users can use VNC over insecure networks without risks.

Dependencies

none

Contingency Plan

Compile TigerVNC without encryption support.

Documentation

none

Release Notes

TigerVNC now supports TLS encryption, and the Xvnc server is integrated with PAM. This allows users to use VNC over insecure networks and also allows fine-grained authentication configuration.

Comments and Discussion