5 rdp authentication, Rdp authentication – Sun Microsystems VIRTUALBOX VERSION 3.1.0_BETA2 User Manual
Page 104
7 Alternative front-ends; remote virtual machines
Note that rdesktop-vrdp can access USB devices only through /proc/bus/usb.
Please refer to chapter
, page
for further details on how
to properly set up the permissions. Furthermore it is advisable to disable automatic
loading of any host driver on the remote host which might work on USB devices to
ensure that the devices are accessible by the RDP client. If the setup was properly
done on the remote host, plug/unplug events are visible on the VBox.log file of the
VM.
7.4.5 RDP authentication
For each virtual machine that is remotely accessible via RDP, you can individually
determine if and how RDP connections are authenticated.
For this, use VBoxManage modifyvm command with the --vrdpauthtype op-
tion; see chapter
, page
for a general introduction.
Three methods of authentication are available:
• The “null” method means that there is no authentication at all; any client can
connect to the VRDP server and thus the virtual machine. This is, of course, very
insecure and only to be recommended for private networks.
• The “external” method provides external authentication through a special au-
thentication library.
VirtualBox comes with two default libraries for external authentication:
– On Linux hosts, VRDPAuth.so authenticates users against the host’s PAM
system.
– On Windows hosts, VRDPAuth.dll authenticates users against the host’s
WinLogon system.
In other words, the “external” method per default performs authentication with
the user accounts that exist on the host system. Any user with valid authentica-
tion credentials is accepted, i.e. the username does not have to correspond to
the user running the VM.
However, you can replace the default “external” authentication module with any
other module. For this, VirtualBox provides a well-defined interface that allows
you to write your own authentication module; see chapter
, page
for details.
• Finally, the “guest” authentication method performs authentication with a special
component that comes with the Guest Additions; as a result, authentication is
not performed with the host users, but with the guest user accounts. This method
is currently still in testing and not yet supported.
104