* TurboVNC Security Extensions
{anchor: Security_Extensions}

** Terminology

In an attempt to be consistent with other VNC implementations, TurboVNC uses
the following terminology when referring to its security extensions:

	Authentication Method :: {:}
		A technique that the VNC server uses to validate authentication credentials
		sent from a VNC viewer.  If the credentials sent from a particular VNC
		viewer are not valid, then that viewer is not allowed to connect.

	Authentication Scheme :: {:}
		A protocol used to send authentication credentials from a VNC viewer to a
		VNC server for validation.  Some authentication schemes are required by the
		RFB protocol specification, and others are implemented as extensions to
		that specification.

	Encryption Method :: {:}
		A technique used to encrypt the data sent between the VNC server and the
		VNC viewer

	Security Type :: {:}
		A specific combination of an authentication method, an authentication
		scheme, and an encryption method

** TurboVNC Server Authentication Methods

	No Authentication :: {:}
		The VNC server does not authenticate the VNC viewer at all.

	VNC Password Authentication :: {:}
		A session password sent from the VNC viewer is validated against a password
		file, which is typically located under the user's home directory on the
		VNC host.  The VNC password is separate from any other login credentials
		and thus represents less of a security threat if compromised (that is,
		assuming the VNC password and the user's account password are not the
		same.)

	One-Time Password (OTP) Authentication :: {:}
		Using the ''vncpasswd'' program, a unique password is generated "on the
		fly" for the TurboVNC session, and the password is printed on the command
		line.  (See the ''vncpasswd'' man page for more details.)  The user enters
		this password into the VNC viewer, and the VNC viewer sends the password to
		the server as if it were a VNC password.  However, once the OTP has been
		used to authenticate a viewer, the OTP is forgotten and cannot be reused.
		OTP authentication can be used, for instance, to launch or connect to
		TurboVNC sessions from an automated web portal or from a job scheduler.
		OTP authentication is also useful for allowing temporary access to a
		TurboVNC session for collaboration purposes.  The
		[[#TurboVNC_Session_Manager][TurboVNC Session Manager]] uses OTP
		authentication by default, which allows it to securely authenticate with a
		TurboVNC session without prompting for additional credentials.

	PAM User/Password Authentication :: {:}
		The VNC server uses Pluggable Authentication Modules (PAM) to validate a
		username and password received from a VNC viewer.  The password received
		from the VNC viewer need not necessarily be validated against the user's
		account password.  Generally, the TurboVNC Server can validate the username
		and password using any authentication credentials that can be accessed
		through PAM.  Since the user/password authentication schemes supported by
		TurboVNC (see below) transmit the password from the VNC viewer to the VNC
		server as plain text, it is strongly recommended that the PAM User/Password
		authentication method be used only with session encryption or if the
		session is restricted to allow only loopback (SSH) connections and to
		disallow reverse connections (see
		{ref prefix="Section ": Secure_TurboVNC_Usage}.)

** TurboVNC Viewer Authentication Schemes

	None :: {:}
		No authentication credentials are sent to the server.

	Standard VNC Authentication :: {:}
		A password is sent to the server using a DES-encrypted
		challenge/response scheme.  The password can be up to 8 characters long,
		so the DES key length is 56 bits.  This is not a particularly strong form
		of encryption by today's standards.  (56-bit DES was broken by brute force
		attack in the late 1990s.)

	Unix Login/Plain Authentication :: {:}
		Both the username and password are sent to the VNC server as plain text.
		Thus, it is __strongly__ recommended that this authentication scheme
		be used only with VNC connections that are encrypted using TLS (see below)
		or SSH (see {ref prefix="Section ": Secure_TurboVNC_Usage}.)  Per the RFB
		spec, this authentication scheme is referred to as "Unix Login" when used
		with a TightVNC-compatible server and "Plain" when used with a
		VeNCrypt-compatible server.

** Supported Encryption Methods

TurboVNC supports three encryption methods:

	None :: {:}
		No encryption

	Anonymous TLS Encryption :: {:}
		The connection is encrypted using TLS (Transport Layer Security) without
		authentication (i.e. without a certificate.)

	TLS/X.509 Encryption :: {:}
		The connection is encrypted using TLS with a specified X.509 certificate.

** Supported Security Types

TurboVNC supports the following security types:

|| Server Security Type || Authentication Method || Encryption Method || \
	Viewer Security Type || Authentication Scheme || Compatibility ||
| None | None | None | \
	None | None | RFB 3.3+ |
| VNC | VNC Password | None | \
	VNC | Standard VNC | RFB 3.3+ |
| OTP | One-Time Password | None | \
	^ | ^ | ^ |
| Plain | PAM User/Password | None | \
	Plain | Plain | RFB 3.7+ with VeNCrypt extensions |
| TLSNone | None | Anonymous TLS | \
	TLSNone | None | RFB 3.7+ with VeNCrypt extensions |
| TLSVnc | VNC Password | Anonymous TLS | \
	TLSVnc | Standard VNC | RFB 3.7+ with VeNCrypt extensions |
| TLSOtp | One-Time Password | Anonymous TLS | \
	^ | ^ | ^ |
| TLSPlain | PAM User/Password | Anonymous TLS | \
	TLSPlain | Plain | RFB 3.7+ with VeNCrypt extensions |
| X509None | None | TLS/X.509 | X509None | \
	None | RFB 3.7+ with VeNCrypt extensions |
| X509Vnc | VNC Password | TLS/X.509 | \
	X509Vnc | Standard VNC | RFB 3.7+ with VeNCrypt extensions |
| X509Otp | One-Time Password | TLS/X.509 | \
	^ | ^ | ^ |
| X509Plain | PAM User/Password | TLS/X.509 | \
	X509Plain | Plain | RFB 3.7+ with VeNCrypt extensions |
| UnixLogin | PAM User/Password | None | \
	UnixLogin | Unix Login | RFB 3.7+ with TightVNC extensions |
#OPT: hiCol=1,4

	!!! NOTE: The security type names are case-insensitive.  The capitalization
	conventions above are used for consistency with the RFB protocol
	specification.

** Enabling Security Types

The default behavior of the TurboVNC Server is for all security types except
TLSNone, X509None, and None to be enabled and for VNC Password and OTP
authentication to be preferred over PAM User/Password authentication.  However,
the system administrator can disable one or more of the security types or
change their preferred order by editing the TurboVNC security configuration
file.  See the ''Xvnc'' man page for more details.  Note that only the OTP
security type is needed when using the
[[#TurboVNC_Session_Manager][TurboVNC Session Manager]] with its default
settings.

If the VNC server allows multiple security types, then the TurboVNC Viewer's
default security type will be determined by the server's preferred security
type.  In this case, the user can override the default by using the TurboVNC
Viewer's ''SecurityTypes'', ''User'', and ''NoUnixLogin'' parameters.  If the
VNC server prefers a security type that supports Standard VNC authentication,
then the user can force the use of Unix Login/Plain authentication by setting
the TurboVNC Viewer's ''User'' parameter to __''user-name''__ when connecting
to the VNC server.  Similarly, if the VNC server prefers a security type that
supports Unix Login/Plain authentication, then the user can force the use of
Standard VNC authentication by setting the ''NoUnixLogin'' parameter.  The same
thing can also be accomplished by unchecking specific security types in the
"Security" tab of the TurboVNC Viewer Options dialog or by using the
''SecurityTypes'' parameter to limit the available security types or change
their preferred order.

If the system administrator has not restricted any of the server security types
on a system-wide basis, then the user can disable some of them, or change their
preferred order, for a particular TurboVNC session by using the
''-securitytypes'' command-line argument when starting the session (or by
setting the ''$securityTypes'' variable in {file: turbovncserver.conf}.)  See
the ''Xvnc'' man page for more details.

** Further Reading

For more detailed information about the TurboVNC security extensions,
refer to the TurboVNC man pages:

	#Verb: <<---
	man -M /opt/TurboVNC/man vncserver
	man -M /opt/TurboVNC/man Xvnc
	man -M /opt/TurboVNC/man vncpasswd
	---
