[arch-general] Arch Linux PC as a Remote Desktop Node

Foxtrot Mike fulcrummike at hotmail.com
Fri Jul 27 17:46:14 UTC 2018 


On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote:
> Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu:
>>
>> Here are the major tasks:
>>
>> 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am 
>> a little confused. There are supposedly many different ways with 
>> little changes to do this. [1] is one solution. LDAP is also a 
>> possibility. I need advice from someone who knows this field better 
>> than me :p
>>
>> 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess 
>> [2] will get this done.
>>
>> 3- How to ask freerdp to authenticate using the ticket received from 
>> TGT during LightDM Domain authentication? If I could somehow 
>> configure freerdp to use Kerberos Tickets then the user won't have to 
>> enter his Domain password again.
>>
>> 4- How to ask i3-wm to close the X-session when freeRDP quits? I read 
>> something a while ago about .xsession files to achieve this 
>> functionality, but can't find it now.
>>
> Hi Mike,
>
> You have some options here. I suggest you look into x2go and ltsp for 
> starters.
> I don't suggest you use plain X over the network.
>
> With those 2 options you can have this kiosk mode you want, for the 
> users to only
> be able to access windows.
>
> Regards,
> Giancarlo Razzolini

Thanks for the reply.

The issue with x2go and ltsp is that I'll have to separately manage 
username and passwords for local Linux login. The solution that I'd 
rather prefer would use Active directory authentication so the current 
system administrator won't have to do anything extra. The group policies 
are already there. Once the Arch system is properly configured, I'd 
disable local logins so there will be very limited chance for a user to 
corrupt/modify Arch system. And ideally, the user would have no way to 
interact with the local system. Thats why I want to limit the user to 
freeRDP. Anything else, and the X-session expires.

Plus, I am very much into embedded linux systems (routers, SBCs, etc). I 
think putting the various pieces together would be give me a lot more to 
learn as compared to using a third party specialized software such as a 
kiosk script.

Regards.

More information about the arch-general mailing list