Project

General

Profile

Feature #10691

Want rdesktop with GSS-API and TLS v1.3

Added by Espen Martinsen 3 months ago. Updated 1 day ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
OI-Userland
Target version:
Start date:
2019-04-03
Due date:
% Done:

50%

Estimated time:
Difficulty:
Medium
Tags:

Description

Hi,
I use openindiana/hipster daily as core OS, and have been using rdesktop against some terminal-servers to do work on window-machines.
Lately it has become more common to deny connections not supporting credSSP and TLSv3 (1,3?)

Therefore - I wish openindiana/hipster could switch from rdesktop, to xfreerdp or remmina, using "libgssglue".

History

#1

Updated by Alexander Pyhalov 2 months ago

Hi. Currently we ship rdesktop 1.8.3, which supports CredSSP. To use it, first you should get kerberos ticket with kinit. Then you can use rdesktop -u 'user@DOMAIN' host.

#2

Updated by Espen Martinsen 2 months ago

Hi Alexander,
I rtied that but the WTS I'm need to access will just accept TLSv1.3 if I understand it correctly. My solution is VIrtualbox w/debian stretch + xfreerdp/remmina. Works for now.
It might get in there if/when openSSL1.1 or higher and rdesktop 1.8.4+ is coming. I can wait!

-e

#3

Updated by Michal Nowak about 1 month ago

  • Subject changed from I wish openindiana/hipser will support a modern "rdesktop" to Want rdesktop with GSS-API and TLS v1.3
  • Category set to OI-Userland
  • Status changed from New to Feedback
  • Assignee set to Michal Nowak
  • Target version set to Hipster
  • % Done changed from 0 to 50
  • Tags deleted (needs-triage)

Espen, for this request to be satisfied rdesktop needs to be updated to the development/master branch, and thus warrants more testing that usual.

Here's the proposed PR: https://github.com/OpenIndiana/oi-userland/pull/5025.

Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?

#4

Updated by Michal Nowak 22 days ago

Michal Nowak wrote:

Here's the proposed PR: https://github.com/OpenIndiana/oi-userland/pull/5025.

Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?

Now the PR is ready to be tested. Feedback is required to proceed.

#5

Updated by Espen Martinsen 10 days ago

Michal Nowak wrote:

Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?

Now the PR is ready to be tested. Feedback is required to proceed.

Hi,
I managed to clone oi-userland, and build component desktop/rdesktop, but unsure how to put pull/5025 on top of it.
can you help?

-espenM

#7

Updated by Espen Martinsen 7 days ago

Michal Nowak wrote:

Try https://patch-diff.githubusercontent.com/raw/OpenIndiana/oi-userland/pull/5025.patch and rebuild.

Hi,
1.st try, did not work well,

I've now found out that it is TLS1.2, and tried with -V 1.2 and a correct KRB-ticket. none,
Then I found out that the CLIENT need to be a member of the domain, not just the user.
This will be my next test. but have to simulate it in a LAB-environment.
I'll report back!
-espenM
#8

Updated by Ben Franck 1 day ago

Please note that xfreerdp client compiles easily on Hipster

Also available in: Atom PDF