Bug#856436: xrdp: client is not connecting when security_layer=tls
Dominik George
nik at naturalnet.de
Tue Mar 7 10:55:12 UTC 2017
Hi,
> In Debian, the xrdp daemon is executed with xrdp user privileges. However,
> the certificate's private key is not accessible by the xrdp user.
>
> Possible solutions are:
> - Adjust permission/owner of private key file to be accessible from the xrdp user
> - Add xrdp user to ssl-cert group

Well, the third and only correct solution would be xrdp getting its own
mechanism for dropping privileges, so it could read the key as root and
then drop to the xrdp user.

For now, I think the local administrator should add xrdp to the ssl-cert
group if they want to use TLS. This is IMHO not a bug in the package,
because by default, xrdp also uses RDP security and adding daemon users
to ssl-cert is a common and well-known practice.

-nik
--
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296
Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/
Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer
LPIC-3 Linux Enterprise Professional (Security)
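
The approach named in the message above (read the key as root, then drop to the xrdp user), as an added example in C. It is not xrdp's code and not part of the original message; the function names, the key path taken from the first argument, and the rule that the key must grant no access to "other" are assumptions.

```c
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* Read the key into buf while still privileged. Returns bytes read,
 * -1 on error, -2 if the file grants any access to "other". */
long read_key(const char *path, char *buf, size_t cap)
{
    struct stat st;
    long total = 0;
    ssize_t n = 0;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        total = -1;
    else if (st.st_mode & S_IRWXO)
        total = -2;             /* key exposed beyond owner and group */
    while (total >= 0 && (size_t)total < cap &&
           (n = read(fd, buf + total, cap - (size_t)total)) > 0)
        total += n;
    close(fd);
    return n < 0 ? -1 : total;
}

/* Drop root for good: supplementary groups first, then gid, then uid,
 * and finally confirm that root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;              /* root came back: refuse to continue */
    return 0;
}

int main(int argc, char **argv)
{
    char key[8192];
    struct passwd *pw = getpwnam("xrdp");   /* service account from the thread */
    if (argc != 2 || !pw || read_key(argv[1], key, sizeof key) <= 0 ||
        drop_privileges(pw->pw_uid, pw->pw_gid) != 0)
        return 1;
    /* From here on the process runs as xrdp with the key held in memory. */
    return 0;
}
```

With this pattern the key file can stay readable by root only, and the daemon account needs no membership in ssl-cert.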