SLUG Mailing List Archives
[SLUG] Re: Network Security Fest
- To: Slug <slug@xxxxxxxxxxx>
- Subject: [SLUG] Re: Network Security Fest
- From: Angus Lees <gusl@xxxxxxxxxxxxxxx>
- Date: Mon Oct 23 21:26:03 2000
- User-agent: Mutt/1.0.1i
> I'd be interested in hearing more about application proxy servers with
> authentication, in particular I'd like to know more about proxying X
> with authentication.
random ways of doing this (off the top of my head):
xhost - authentication by IP (not very secure)
xauth - authentication by whoever holds a token (pretty good assuming
no sniffing / encryption isn't important). rstart/rstartd is a way of
using this easily (using rsh). very good for NFS /home environments,
since the cookie is stored in $HOME and it all "just works".
redirecting over ssh - probably the most secure. the encryption slows
things down a bit. automatically running xauth on other machines tends
to upset the really paranoid, so don't forward X unnecessarily.
none of them is very hard to setup, once you know the right command.
xfwp - X proxy for use on gateways. not really an authentication thing
- more of a firewall/sysadmin thing.
lbxproxy, dxpc, etc - compression/caching proxies for low-bandwidth
(eg: over a modem) X connections. lbxproxy is the "official" X11 LBX
extension implementation, dxpc is not.