[arch-general] Arch Linux PC as a Remote Desktop Node
ProgAndy
admin at progandy.de
Fri Jul 27 19:24:15 UTC 2018
Am 27.07.2018 um 19:46 schrieb Foxtrot Mike via arch-general:
>
> On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:
>> Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:
>>> Here are the major tasks:
>>>
>>> 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am
>>> a little confused. There are supposedly many different ways with
>>> little changes to do this. [1] is one solution. LDAP is also a
>>> possibility. I need advice from someone who knows this field better
>>> than me :p
>>>
>>> 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess
>>> [2] will get this done.
>>>
>>> 3- How to ask freerdp to authenticate using the ticket received from
>>> TGT during LightDM Domain authentication? If I could somehow
>>> configure freerdp to use Kerberos Tickets then the user won't have to
>>> enter his Domain password again.
>>>
>>> 4- How to ask i3-wm to close the X-session when freeRDP quits? I read
>>> something a while ago about .xsession files to achieve this
>>> functionality, but can't find it now.
>>>
>> Hi Mike,
>>
>> You have some options here. I suggest you look into x2go and ltsp for
>> starters.
>> I don't suggest you use plain X over the network.
>>
>> With those 2 options you can have this kiosk mode you want, for the
>> users to only
>> be able to access windows.
>>
>> Regards,
>> Giancarlo Razzolini
> Thanks for the reply.
>
> The issue with x2go and ltsp is that I'll have to separately manage
> username and passwords for local Linux login. The solution that I'd
> rather prefer would use Active directory authentication so the current
> system administrator won't have to do anything extra. The group policies
> are already there. Once the Arch system is properly configured, I'd
> disable local logins so there will be very limited chance for a user to
> corrupt/modify Arch system. And ideally, the user would have no way to
> interact with the local system. Thats why I want to limit the user to
> freeRDP. Anything else, and the X-session expires.
>
> Plus, I am very much into embedded linux systems (routers, SBCs, etc). I
> think putting the various pieces together would be give me a lot more to
> learn as compared to using a third party specialized software such as a
> kiosk script.
>
> Regards.
The Arctica Project seems to be in the process of implementing exactly
what you want.
https://arctica-project.org/
https://github.com/ArcticaProject/remote-logon-service
Regards,
Andy
More information about the arch-general
mailing list