* TurboVNC Security Extensions
{anchor: Security_Extensions}

** Terminology

In an attempt to maintain consistency with other VNC implementations, TurboVNC
uses the following terminology when referring to its security extensions:

	Authentication Method :: {:}
		A technique that the VNC server uses to validate authentication credentials
		sent from a VNC viewer.  If the credentials sent from a particular VNC
		viewer are not valid, then that viewer is not allowed to connect.

	Authentication Scheme :: {:}
		A protocol used to send authentication credentials from a VNC viewer to a
		VNC server for validation.  Some authentication schemes are required by the
		RFB protocol specification, and others are implemented as extensions to
		that specification.

	Encryption Method :: {:}
		A technique used to encrypt the data sent between the VNC server and the
		VNC viewer

	Security Type :: {:}
		A specific combination of an authentication method, an authentication
		scheme, and an encryption method

** TurboVNC Server Authentication Methods

	No Authentication :: {:}
		The VNC server does not authenticate the VNC viewer at all.

	VNC Password Authentication :: {:}
		A session password sent from the VNC viewer is validated against a password
		file, which is typically located under the user's home directory on the
		VNC host.  The VNC password is separate from any other login credentials
		and thus represents less of a security threat if compromised (that is,
		assuming the VNC password and the user's account password are not the
		same.)

	One-Time Password (OTP) Authentication :: {:}
		Using the ''vncpasswd'' program, a unique password is generated "on the
		fly" for the TurboVNC session, and the password is printed on the command
		line (see the man page for ''vncpasswd'' for more details.)  The user
		enters this password in the VNC viewer, and the VNC viewer sends the
		password to the server as if it were a VNC password.  However, once the OTP
		has been used to authenticate a viewer, the OTP is forgotten and cannot be
		reused.  OTP authentication can be used, for instance, to launch or connect
		to TurboVNC sessions from an automated web portal or from a job scheduler.
		OTP authentication is also useful for allowing temporary access to a
		TurboVNC session for collaboration purposes.

	PAM User/Password Authentication :: {:}
		The VNC server uses Pluggable Authentication Modules (PAM) to validate a
		username and password received from a VNC viewer.  The password received
		from the VNC viewer need not necessarily be validated against the user's
		account password.  Generally, the TurboVNC Server can validate the username
		and password using any authentication credentials that can be accessed
		through PAM.  Since the user/password authentication schemes supported by
		TurboVNC (see below) transmit the password from the VNC viewer to the VNC
		server as plain text, it is strongly recommended that the PAM User/Password
		authentication method be used only with session encryption or if the
		session is restricted to allow only loopback (SSH) connections and to
		disallow reverse connections (see
		{ref prefix="Section ": Secure_TurboVNC_Usage}.)

** TurboVNC Viewer Authentication Schemes

	None :: {:}
		No authentication credentials are sent to the server.

	Standard VNC Authentication :: {:}
		A password is sent to the server using a DES-encrypted
		challenge/response scheme.  The password can be up to 8 characters long,
		so the DES key length is 56 bits.  This is not a particularly strong form
		of encryption by today's standards (56-bit DES was broken by brute force
		attack in the late 90's.)

	Unix Login/Plain Authentication :: {:}
		Both the username and password are sent to the VNC server as plain text.
		Thus, it is __strongly__ recommended that this authentication scheme
		be used only with VNC connections that are encrypted using TLS (see below)
		or SSH (see {ref prefix="Section ": Secure_TurboVNC_Usage}.)  Per the RFB
		spec, this authentication scheme is referred to as "Unix Login" when used
		with a TightVNC-compatible server and "Plain" when used with a
		VeNCrypt-compatible server.

** Supported Encryption Methods

The Linux/Un*x/Mac/Java TurboVNC Viewer and the TurboVNC Server support three
encryption methods:

	None :: {:}
		No encryption

	Anonymous TLS Encryption :: {:}
		The connection is encrypted using TLS (Transport Layer Security) without
		authentication (i.e. without a certificate.)

	TLS/X.509 Encryption :: {:}
		The connection is encrypted using TLS with a specified X.509 certificate.

** Supported Security Types

The TurboVNC Server and Linux/Un*x/Mac/Java TurboVNC Viewer support the
following security types:

|| Server Security Type || Authentication Method || Encryption Method || \
	Viewer Security Type || Authentication Scheme || Compatibility ||
| None | None | None | None | None | RFB 3.3+ |
| VNC | VNC Password | None | VNC | Standard VNC | RFB 3.3+ |
| OTP | One-Time Password | None | VNC | Standard VNC | RFB 3.3+ |
| Plain | PAM User/Password | None | Plain | Plain | RFB 3.7+ with VeNCrypt extensions |
| TLSNone | None | Anonymous TLS | TLSNone | None | RFB 3.7+ with VeNCrypt extensions |
| TLSVnc | VNC Password | Anonymous TLS | TLSVnc | Standard VNC | RFB 3.7+ with VeNCrypt extensions |
| TLSOtp | One-Time Password | Anonymous TLS | TLSVnc | Standard VNC | RFB 3.7+ with VeNCrypt extensions |
| TLSPlain | PAM User/Password | Anonymous TLS | TLSPlain | Plain | RFB 3.7+ with VeNCrypt extensions |
| X509None | None | TLS/X.509 | X509None | None | RFB 3.7+ with VeNCrypt extensions |
| X509Vnc | VNC Password | TLS/X.509 | X509Vnc | Standard VNC | RFB 3.7+ with VeNCrypt extensions |
| X509Otp | One-Time Password | TLS/X.509 | X509Vnc | Standard VNC | RFB 3.7+ with VeNCrypt extensions |
| X509Plain | PAM User/Password | TLS/X.509 | X509Plain | Plain | RFB 3.7+ with VeNCrypt extensions |
| UnixLogin | PAM User/Password | None | UnixLogin | Unix Login | RFB 3.7+ with TightVNC extensions |
#OPT: hiCol=1,4

	!!! NOTE: The security type names are case-insensitive.  The capitalization
	conventions above are used in order to maintain consistency with the RFB
	protocol specification.

** Enabling Security Types

The default behavior of the TurboVNC Server is for all security types except
"TLSNone", "X509None", and "None" to be enabled and for VNC Password and OTP
authentication to be preferred over PAM User/Password authentication.  However,
the system administrator can disable one or more of the security types or set
the preferred order of the security types by editing the TurboVNC security
configuration file.  See the ''Xvnc'' man page for more details.

If the VNC server allows multiple security types, then the VNC viewer's default
security type will be determined by the server's preferred security type.  In
this case, the user can override the default by passing command-line arguments
to ''vncviewer''.  If the VNC server prefers a security type that supports
Standard VNC authentication, then the user can force the use of
Unix Login/Plain authentication by passing an argument of
{pcode: -user __user-name__} to ''vncviewer'' when connecting to the TurboVNC
session.  Similarly, if the VNC server prefers a security type that supports
Unix Login/Plain authentication, then the user can force the use of Standard
VNC authentication by passing an argument of ''-nounixlogin'' to ''vncviewer''.
Both of these command-line options work with all versions of the TurboVNC
Viewer.  When using the Java TurboVNC Viewer, you can also accomplish the same
thing by unchecking "Unix Login" or "Plain" or "Standard VNC" in the "Security"
tab of the Options dialog or by limiting the available security types using the
''SecurityTypes'', ''User'', or ''NoUnixLogin'' arguments/parameters.

If the system administrator has not restricted any of the server security types
on a system-wide basis, then the user can choose to disable some or all of them
for a particular TurboVNC session by using the ''-SecurityTypes'' command-line
argument when starting the session.  See the ''Xvnc'' man page for more
details.

** Further Reading

For more detailed information about the TurboVNC security extensions,
refer to the TurboVNC man pages:

	#Verb: <<---
	man -M /opt/TurboVNC/man vncserver
	man -M /opt/TurboVNC/man Xvnc
	man -M /opt/TurboVNC/man vncpasswd
	---
