Feature Name TigerVNC 1.1
Summary
TigerVNC 1.1 will be next major release which contains bunch of new features, notably VeNCrypt support which allows VNC traffic to be encrypted via TLS (and to use X.509 certificates) and PAM integration.
Owner
- Name: Adam Tkac
- Email: atkac redhat com
Current status
- Targeted release: Fedora 16
- Last updated: 2011-Nov-10
- Percentage of completion: 100%
Detailed Description
The main goal is to add encryption support to widely used VNC software - Xvnc server and vncviewer. Another goal is to add PAM support to Xvnc which allows fine-grained authentication configuration.
Benefit to Fedora
Remote desktop will be finally used over insecure networks.
Scope
TigerVNC upstream developers have to complete 1.1 release in time. There is currently (06/12/2012) a beta release.
How To Test
1. Compatibility - run "vncserver :1" and try to connect with various clients (vncviewer, vinagre)
2. Encryption with anonymous certificates - run "vncserver :1" - start vncviewer, select "Options" and select "Session encryption" to "TLS with anonymous certificates" - try to connect to the server
3. Encryption with X.509 certificates - setup X.509 certificates for server and client (check http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html for more info, for example) - start vncserver with "-x509key <path> -x509cert <path>" parameters. The first one is key of the X.509 certificate in PEM format and the second one is the X.509 certificate - start vncviewer, select "Options" and select "Session encryption" to "TLS with X509 certificates" and load proper CA file.
4. PAM support - will be updated
User Experience
Users can use VNC over insecure network without risks.
Dependencies
none
Contingency Plan
Compile TigerVNC without encryption support.
Documentation
none
Release Notes
TigerVNC now supports TLS encryption and Xvnc server is integrated with PAM. This allows users to use VNC over insecure networks and also allows fine-grained authentication configuration.