LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 07-18-2009, 09:25 PM   #1
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Rep: Reputation: 16
Start gnome session for user at remote box.


Context:
I am looking for a way to start a graphical session under a different
user context for a remote user. So, in other words, VNC and FreeNX are not solutions since I don't want to start a session for myself, but for a different user who will not have a password. The hypothetical user needs access but cannot know the password. It's for a library Internet Cafe. We need to be able to log in guests who don't have library cards and are not part of our system jurisdiction.

Setup:
OS: Ubu 9.04 & 8.04. Multiple branches.
We have guest accounts already enabled but require us to locally input the password at the physical box. I would like to be able to start a session from my La-Z-boy whilst logged in via SSH.

I do not necessarily need a complete solution, but if you have an idea of where to look or start, I would be much obliged.

Thanks for reading!

Bub
 
Old 07-18-2009, 11:05 PM   #2
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 652

Rep: Reputation: 42
First, I am not sure I can help with a solution. But I have a similar situation.

I have a server that I ssh into for maintainance and what-not, but there are times I would like to launch the whole gui from a remote locale. So far I have not discovered how to to launch it through ssh. I have to go to the server and login to the gui then start the x11vnc-server. Then I can go back to a remote locale and login to the gui on the server.

It does occur to me that you may be able to launch your xsessions and leave them running with the x11vnc-server running. Then you can login to them from a remote local and enter the password and activate the session for the user. This happens with my linux boxes, but I have to use x11vnc because it actually shares the :0 (default/current) session where as the other vnc servers won't actually share :0.

There are some security issues with this approach that you would want to address.
 
Old 07-20-2009, 10:07 AM   #3
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Can't use VNC or related

A solution involving VNC or FreeNX and related would not be practical in my situation due to the number of locations/stations and the privacy issues involved. I cannot be allowed to see the display ( by choice/law/ethics/practicality ) and they cannot be allowed possession of the password. It sounds like you're looking for an ssh -X forwarding type scenario.

I'm looking for a sort of reverse command to pkill/skill for starting user sessions through SSH. A way to start a logged in gnome-session on display:0 without seeing what the patron sees. I can end sessions with pkill but need a way to start graphical sessions for other users from afar.

As I mentioned above, I imagine it would involve invoking a gnome-session on display:0 and somehow passing it different user credentials. I'm going to do a bit of the ol' RTFM and will update the post if I come across anything.

It's not something likely to be of any use to most people unless you run something like a school computer lab. Edubuntu allows you to do this through it's thin client system I believe.

Thanks for the input ...I appreciate the response.

Bub
 
Old 07-21-2009, 05:19 AM   #4
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 652

Rep: Reputation: 42
Something occured to me this morning that might be a work around for you. What about single-use passwords? Let me explain.

With a very strict password aging policy set up and an automatic password generating and changing script the user could be given the password. It may be adviseable to not hide the password so the user can see it as entered because it would mean that if they entered it wrong they would have to come back to the desk to get a new one.

Not a perfect solution but it may be a work around.
 
Old 07-22-2009, 08:57 PM   #5
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Hmmm ...that is an interesting idea.

That would work, but, "Devil's in the Details" as they say. Distribution
of the password to numerous locations might be an issue. Then again ...maybe not.

We would have to distribute these passwords daily/weekly to numerous
branches for 130 stations. I suppose you could generate a new /etc/passwd daily and rsync it from a central box then set your script to auto-mail the password to each location.

...I'll consider that, am still thinking of other details.

I'm still curious as to how one would go about opening a gnome-session
on display:0 for a remote user, but thanks for the suggestion. I will look into it further.

Bub
 
Old 07-24-2009, 03:43 PM   #6
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 414

Rep: Reputation: 33
Need to be more specific

Quote:
Originally Posted by bubnoff View Post
Context:
I am looking for a way to start a graphical session under a different
user context for a remote user. So, in other words, VNC and FreeNX are not solutions since I don't want to start a session for myself, but for a different user who will not have a password. The hypothetical user needs access but cannot know the password. It's for a library Internet Cafe. We need to be able to log in guests who don't have library cards and are not part of our system jurisdiction.

Setup:
OS: Ubu 9.04 & 8.04. Multiple branches.
We have guest accounts already enabled but require us to locally input the password at the physical box. I would like to be able to start a session from my La-Z-boy whilst logged in via SSH.

I do not necessarily need a complete solution, but if you have an idea of where to look or start, I would be much obliged.

Thanks for reading!

Bub
Bub,
What exactly are you trying to do?? Allow users to login without a password? Will each remote user be on a sperate computer? Will the remotes be a 'thin client'?

Things that come to mind are:
  • ssh using RSA keys
  • use DISPLAY to point to remote clients.
  • use multiple X servers
You are going to need a super powerful server.

Need more specs.
 
Old 07-25-2009, 12:38 PM   #7
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Remote X

The scenario is:
To use a public computer you must:
  1. Have a library card
  2. input barcode
  3. input PIN

The issue is then dealing with tourists who do not have library cards. The last system we had allowed you to log on a tourist from the desk. I am wondering how to reproduce this. The effect would be that the machine would log them in to a generic guest account without them doing anything.

They are not thin clients. So as I see it, you'd have to start a gnome-session on the current display ( :0 ) from an ssh session. Additionally, you'd have to give it the credentials or context of a generic guest user.
Or, you might create a script on the computers themselves that would initiate the login sequence, then just start the script from an SSH session.

Thanks for reading -

Bub
 
Old 07-26-2009, 01:57 PM   #8
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 414

Rep: Reputation: 33
Quote:
Originally Posted by bubnoff View Post
The scenario is:
To use a public computer you must:
  1. Have a library card
  2. input barcode
  3. input PIN

The issue is then dealing with tourists who do not have library cards. The last system we had allowed you to log on a tourist from the desk. I am wondering how to reproduce this. The effect would be that the machine would log them in to a generic guest account without them doing anything.

They are not thin clients. So as I see it, you'd have to start a gnome-session on the current display ( :0 ) from an ssh session. Additionally, you'd have to give it the credentials or context of a generic guest user.
Or, you might create a script on the computers themselves that would initiate the login sequence, then just start the script from an SSH session.

Thanks for reading -

Bub
This seems simple to me. Just start an X-manager on each PC, let gdm handle the validation. The 'nocard user' will enter something like 'guest' for the username and run with that profile. No password is required. Any other username will require the library card and pin.

I am assuming that you are running linux on these PCs and your load is just http traffic?

Don't confuse the X manager with the session manager. They are two separate things. You can use Gnome, KDE, Fluxbox or anyone of many other Desktop Managers. I would recommend Fluxbox for this application. It is lightweight and will do what you want without the heavy overhead of say Gnome.

You could in fact setup the remote PCs to boot from a live CD to limit hacking and reduce the power requirements and costs.

What apps do you wish to support?

Bottom line, Yes it can be done very easily.
 
Old 07-27-2009, 01:07 AM   #9
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Need to validate

The "nocard" idea will not work. We already have a catalog-only account that works this way. The SIP authentication we use checks accounts for blocks before authenticating. A patron with blocks ( lost items etc. ) could then easily subvert the system by using the "nocard" account.

A guest account with daily or weekly generated passwords as suggested above looks like the most feasible.

At this point it's primarily curiosity as I've seen this feature on our last system and am wondering how to duplicate it. It allowed staff to log on guests remotely from their desks without dealing with barcodes and passwords or accounts. So the guest would sit at the computer, and the station would log on automatically ( hands-free ), having been started from the front desk. I am wondering what the session manager is doing behind the scenes that could be initiated from an SSH session.

These are all Linux stations. Using Windows on public machines is pure masochism. We did this ( Windows ) for seven years and while Windows is decent for home and business use ( though obviously, I prefer penguins ), it is sheer insanity to use for public computers.

GDM is already running, with Gnome set as the default WM. While I like Fluxbox, for those used to menus and start buttons etc. Gnome is preferred.

Thanks for your input --

Bubnoff
 
  


Reply

Tags
gnome


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote gnome session ErgonomousCowherd Linux - Newbie 1 02-17-2008 05:04 AM
Remote Gnome-session on a Ubuntu-box zupidupi Ubuntu 4 01-13-2008 12:49 PM
can't start remote X session PAM error felkin Linux - General 6 08-25-2004 08:27 PM
start VNC in remote x session yourEgg Linux - Networking 0 05-17-2004 05:48 PM
How to start a remote X session? ejennings_98 Linux - Newbie 2 02-22-2004 10:08 PM


All times are GMT -5. The time now is 03:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration