On Tue, 2006-01-24 at 15:57, Maciej Żenczykowski wrote:
I've read through the thread you provided and I'm not convinced. Indeed it still seems like a bad design decision to me. Why isn't the normal ssh authentication good enough for NX?
I think the idea was to have a minimally-privileged program that can't do anything but provide a tunnel.
And if there is some need for a different authentication than it should still - also support normal ssh by default for all the other cases - like mine - where it's not needed.
That's probably possible if you want to work at it. I don't see why all the components of the server couldn't run as you if you trust them not to delete your files - unless sessions for different users share a cache of some sort.