From Fedora Project Wiki
No edit summary
Line 59: Line 59:




[[Category:FeaturePageIncomplete]]
[[Category:FeatureReadyForWrangler]]
<!-- When your feature page is completed and ready for review -->
<!-- When your feature page is completed and ready for review -->
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->

Revision as of 22:07, 12 June 2011

Feature Name TigerVNC 1.1

Summary

TigerVNC 1.1 will be next major release which contains bunch of new features, notably VeNCrypt support which allows VNC traffic to be encrypted via TLS (and to use X.509 certificates) and PAM integration.

Owner

  • Email: atkac redhat com

Current status

  • Targeted release: Fedora 16
  • Last updated: 2011-Jun-12
  • Percentage of completion: 70%

Detailed Description

The main goal is to add encryption support to widely used VNC software - Xvnc server and vncviewer. Another goal is to add PAM support to Xvnc which allows fine-grained authentication configuration.

Benefit to Fedora

Remote desktop will be finally used over insecure networks.

Scope

TigerVNC upstream developers have to complete 1.1 release in time. There is currently (06/12/2012) a beta release.

How To Test

1. Compatibility - run "vncserver :1" and try to connect with various clients (vncviewer, vinagre)

2. Encryption with anonymous certificates - run "vncserver :1" - start vncviewer, select "Options" and select "Session encryption" to "TLS with anonymous certificates" - try to connect to the server

3. Encryption with X.509 certificates - setup X.509 certificates for server and client (check http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html for more info, for example) - start vncserver with "-x509key <path> -x509cert <path>" parameters. The first one is key of the X.509 certificate in PEM format and the second one is the X.509 certificate - start vncviewer, select "Options" and select "Session encryption" to "TLS with X509 certificates" and load proper CA file.

4. PAM support - will be updated

User Experience

Users can use VNC over insecure network without risks.

Dependencies

none

Contingency Plan

Compile TigerVNC without encryption support.

Documentation

none

Release Notes

TigerVNC now supports TLS encryption and Xvnc server is integrated with PAM. This allows users to use VNC over insecure networks and also allows fine-grained authentication configuration.

Comments and Discussion