VMware Horizon Community
RemGuinch
Contributor
Contributor
‎03-03-2021 03:32 AM

Logon as current user on linux based horizon client

Hello,

I'm working on a project in wich we are trying to set up SSO (with kerberos) so that a user can connect from a linux client (CentOS 7.8), and access a remote desktop VM (Gnome3 on CentOS 7.8) through Horizon View 2012. The Client and the desktop VM are parts of an active directory domain.

The question is: is there a way to launch Horizon Client from command line (by script) and use the kerberos token (or something else) to automaticaly authenticate the current logged user to the connection server ?

thankssss

Remy

0 Kudos
3 Replies
Albertovich
Enthusiast
Enthusiast
‎03-04-2021 12:40 AM

Hi:

You can run the vmware client from command line by typing vmware-view (/usr/bin/vmware-view)

Type 'vmware-view --help' to get a list of avaliable options

In your case you can use something like this:

vmware-view -s server.vmware.com -u user@domain.com -p userpass -q

Where:

-s The vmware server ip or dns

-u the username (you can use bash variables here)

-p the user password (you can use bash variables here)

-q Forces vmware client to start without interaction.

 

regards

 

0 Kudos
RemGuinch
Contributor
Contributor
‎03-04-2021 01:11 AM

Hello Albertovitch,

Thank for your reply, but the architecture must have a high security level, and the objectives are:

- to avoid to have the password in clear in the process (and stored in a file)

- to avoid the user enter his password to launch the client

for these reasons, I think to use the kerberos token generated on the linux session user login (like the widows-based client), but I don't know how...

 

Remy

0 Kudos
Perttu
Enthusiast
Enthusiast
‎03-17-2021 08:24 AM

Hi, 

AFAIK Horizon Client for Linux doesn't support login as current user feature. However this would be a welcome feature.

One possible way to circumvent this issue could be using Identity Manager and True SSO, where the login into the Identity Manager would come from kerberized ADFS or Shibboleth.

1. User authenticates to Identity Manager with Kerberos credentials through ADFS. (passwordless)
2. Connection Server trusts to Identity Manager
3. Certificate Enrollment Server trusts to Connection Server and creates a short-lived certificate on user's behalf
4. This certificate is used to login the user to the remote Linux 

0 Kudos