Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Transparent authentication

Should you have problems with the MS logon plugin, here's the place to look for help or report issues
Post Reply
NoFastidies
20
20
Posts: 39
Joined: 2007-02-02 10:47
Location: Everywhere (sometimes in more than one place)
Contact:

Transparent authentication

Post by NoFastidies »

Is it possible for UltraVNC to use MS logon transparently without asking username/password just like any other domain application does (IE, Firefox, WSH, ...)?
X3
100
100
Posts: 280
Joined: 2007-12-11 08:50
Location: 51.30 N 0.10 W
Contact:

Re: Transparent authentication

Post by X3 »

just one topic below yours asking pretty much the same...

[topic=12169][/topic]
Regards

Image
NoFastidies
20
20
Posts: 39
Joined: 2007-02-02 10:47
Location: Everywhere (sometimes in more than one place)
Contact:

Re: Transparent authentication

Post by NoFastidies »

X3 wrote:just one topic below yours asking pretty much the same...

[topic=12169][/topic]
No, it is different. If you do not supply vnc password you won't be able to connect at all regardless of whatever you've choosen MS logon or not. This is what the link above is about.

Here I am asking if it is possible to setup transparent authentication for MS Logon when username and password are automatically negotiated without need to enter them explicitly. IIRC it is called domain SSPI.
X3
100
100
Posts: 280
Joined: 2007-12-11 08:50
Location: 51.30 N 0.10 W
Contact:

Re: Transparent authentication

Post by X3 »

ask Redge... ;)

Im having issues with both mslogon and mslogonII

I rather input passwords anywho...
Last edited by X3 on 2008-02-26 13:45, edited 1 time in total.
Regards

Image
redge
1000
1000
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Transparent authentication

Post by redge »

FAQ
[topic=8051][/topic]
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
plastikat
Posts: 5
Joined: 2008-11-19 15:00
Location: Russian Federation

Re: Transparent authentication

Post by plastikat »

the subj is also called a 'single sign-on' and the developers say that it's not possible with 1.0.5 release (i've read it at some other part of this forum, sorry, haven't saved the link).

if someone is still intrested, i can share my solution to this subject, which is simplier than the one mentioned above (because it requires to 3d-party tools), but as a disadvantage it's a bit less secure...

the vncviewer executable (vncviewer.exe) has (among others) these command-line options:
[/user msuser] [/password clearpassword]

to launch vncviewer i use a prepared set of settings files (*.vnc), one for each workstation (this file type is assumed to be registered). so i've simply edited the command line used for 'open' action of this file type by adding the options, mentioned above, and supplying appropriate username and password - and, voila, i have 'almost transparent' authentication :) BUT! alas, as any other writing down of cleartext passwords, it's a security risk :(

to make it more secure i've edited the corresponding registry key's permisions with regedit (by removing inheritance and all entries but one administrative group, giving it 'full control' rights) - if you don't know how to do it, then you are not advised to do it (and - if security is your aim - shouldn't use this method at all)

also, if you launch vncviewer by itself, you may probably do pretty much the same by launching it with a batch file instead and securing this batch with the usual file permisions - but it's an assumption only - i have not tested it )
yossik
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Post by yossik »

plastikat
could you give me a sample of the command line used to conect?
plastikat
Posts: 5
Joined: 2008-11-19 15:00
Location: Russian Federation

Re: Transparent authentication

Post by plastikat »

yossik:

if using the method with file association (which i've mentioned in my post) then the corresponding registry entry should look like this:
[HKEY_CLASSES_ROOT\VncViewer.Config\shell\open\command]
(default)="C:\Program Files\UltraVNC\vncviewer.exe" -user YourUserName -password YourUserPassword -config "%1"

if using the regular command line:
vncviewer.exe -user YourUserName -password YourUserPassword YourHostName
(add any other options you need)
the regular command line method works, i've tested it;
one can write a simple batch file, which would contain YourUserName and YourUserPassword, and would accept YourHostName as a parameter.
Last edited by plastikat on 2009-08-04 08:17, edited 1 time in total.
yossik
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Post by yossik »

i ran this command

"C:\Program Files\UltraVNC\vncviewer.exe" -user YourUserName -password YourUserPassword hostname

and it still prompted me for my user name and password
ricka
Posts: 4
Joined: 2006-06-16 15:37

Re: Transparent authentication

Post by ricka »

yossik: I've had problems with the authentication via command line if the Server version is below 1.0.2. Check that it isn't an old version.

I for one find this ridiculous. I can specify command line arguments, but the .vnc files can't save the username and passwords for domain authentication properly and send them across? And the posted "fix" for this is downloading 3rd party software to do the work for you???

Please consider adding support for domain authentication into the .vnc files (with password encryption) as I am not comfortable with leaving my password in plain text shortcut links, but I'm lazy enough that I don't like typing in a domain/username and password every time I want to connect to our many VMs running UltraVNC.
yossik
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Post by yossik »

ricka wrote:yossik: I've had problems with the authentication via command line if the Server version is below 1.0.2. Check that it isn't an old version.

I for one find this ridiculous. I can specify command line arguments, but the .vnc files can't save the username and passwords for domain authentication properly and send them across? And the posted "fix" for this is downloading 3rd party software to do the work for you???

Please consider adding support for domain authentication into the .vnc files (with password encryption) as I am not comfortable with leaving my password in plain text shortcut links, but I'm lazy enough that I don't like typing in a domain/username and password every time I want to connect to our many VMs running UltraVNC.
How could i find out what Server version I have?
ricka
Posts: 4
Joined: 2006-06-16 15:37

Re: Transparent authentication

Post by ricka »

When you are in the server (the host machine, the machine you are trying to connect to), the VNC logo should be running in the system tray (bottom right near the clock, the logo looks like an eye).

Right click that eye and go to the "About WinVNC option". The first line should tell you the version.

Alternatively, you can go to "Control Panel -> Add/Remove programs" and look for UltraVNC in the list, the version should be right beside it.
yossik
Posts: 4
Joined: 2009-03-31 18:48

Re: Transparent authentication

Post by yossik »

ricka wrote:When you are in the server (the host machine, the machine you are trying to connect to), the VNC logo should be running in the system tray (bottom right near the clock, the logo looks like an eye).

Right click that eye and go to the "About WinVNC option". The first line should tell you the version.

Alternatively, you can go to "Control Panel -> Add/Remove programs" and look for UltraVNC in the list, the version should be right beside it.
Thanks
Post Reply