7 Alternative front-ends; remote virtual machines

Note that rdesktop-vrdp can access USB devices only through /proc/bus/usb. Please refer to chapter 11.5.7, USB not working, page 164 for further details on how to properly set up the permissions. Furthermore, it is advisable to disable automatic loading of any host driver on the remote host that might work on USB devices, to ensure that the devices are accessible by the RDP client. If the remote host is set up properly, plug/unplug events are visible in the VBox.log file of the VM.

7.4.5 RDP authentication

For each virtual machine that is remotely accessible via RDP, you can individually determine if and how RDP connections are authenticated.

For this, use the VBoxManage modifyvm command with the --vrdpauthtype option; see chapter 8.5, VBoxManage modifyvm, page 114 for a general introduction. Three methods of authentication are available:

The “null” method means that there is no authentication at all; any client can connect to the VRDP server and thus the virtual machine. This is, of course, very insecure and only to be recommended for private networks.

The “external” method provides external authentication through a special authentication library.

VirtualBox comes with two default libraries for external authentication:

On Linux hosts, VRDPAuth.so authenticates users against the host’s PAM system.

On Windows hosts, VRDPAuth.dll authenticates users against the host’s WinLogon system.

In other words, the “external” method by default performs authentication with the user accounts that exist on the host system. Any user with valid authentication credentials is accepted, i.e. the username does not have to correspond to the user running the VM.

However, you can replace the default “external” authentication module with any other module. For this, VirtualBox provides a well-defined interface that allows you to write your own authentication module; see chapter 9.4, Custom external VRDP authentication, page 139 for details.

Finally, the “guest” authentication method performs authentication with a special component that comes with the Guest Additions; as a result, authentication is not performed with the host users, but with the guest user accounts. This method is currently still in testing and not yet supported.
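
The following added example (not part of the VirtualBox manual) classifies a VM's VRDP authentication setting so that “null” configurations can be found and reviewed. The key names vrdp and vrdpauthtype, the function names and the sample data are assumptions constructed for illustration; check them against what VBoxManage showvminfo --machinereadable prints on your version.

```shell
#!/bin/sh
# Added example, not from the VirtualBox manual.
# Assumption: the machine-readable VM info carries vrdp="on|off" and
# vrdpauthtype="null|external|guest" lines, as in the constructed samples.

# Read key="value" lines on stdin; print a verdict and set the exit status:
#   0 = disabled, host-auth or guest-auth   1 = OPEN ("null")   2 = unknown
classify_vrdp_auth() {
    awk -F= '
        { sub(/\r$/, ""); gsub(/"/, "", $2) }   # tolerate CRLF and quotes
        $1 == "vrdp"         { enabled = tolower($2) }
        $1 == "vrdpauthtype" { auth = tolower($2) }
        END {
            if (enabled == "off")                      { print "disabled";   exit 0 }
            if (enabled == "on" && auth == "null")     { print "OPEN";       exit 1 }
            if (enabled == "on" && auth == "external") { print "host-auth";  exit 0 }
            if (enabled == "on" && auth == "guest")    { print "guest-auth"; exit 0 }
            print "unknown"; exit 2   # missing keys: fail closed, review by hand
        }'
}

# Audit the VMs named as arguments (needs VBoxManage on PATH; not called here).
audit_vms() {
    for vm in "$@"; do
        verdict=$(VBoxManage showvminfo "$vm" --machinereadable |
                  classify_vrdp_auth) || true
        printf '%s\t%s\n' "$verdict" "$vm"
    done
}

# Constructed samples (not captured from a real host).
SAMPLE_NULL='name="web01"
vrdp="on"
vrdpauthtype="null"'
SAMPLE_EXTERNAL='name="db01"
vrdp="on"
vrdpauthtype="external"'
SAMPLE_OFF='name="build01"
vrdp="off"'

for s in "$SAMPLE_NULL" "$SAMPLE_EXTERNAL" "$SAMPLE_OFF"; do
    printf '%s\n' "$s" | classify_vrdp_auth || true
done
```

A VM reported as OPEN can be switched with VBoxManage modifyvm and the --vrdpauthtype option described above.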

Sun Microsystems VERSION 3.1.0_BETA2 user manual RDP authentication