From unknown Tue May 19 06:17:37 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#1012: [X2Go-Dev] Bug#1012: Session reconnect doesn't work (x2gobroker)
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 1012@bugs.x2go.org
Resent-From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 23 Mar 2016 09:45:02 +0000
Resent-Message-ID: <handler.1012.B1012.145872616318337@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1012
X-X2Go-PR-Package: x2gobroker
X-X2Go-PR-Keywords: 
Received: via spool by 1012-submit@bugs.x2go.org id=B1012.145872616318337
          (code B ref 1012); Wed, 23 Mar 2016 09:45:02 +0000
Received: (at 1012) by bugs.x2go.org; 23 Mar 2016 09:42:43 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 76CEE5DAB9
	for <1012@bugs.x2go.org>; Wed, 23 Mar 2016 10:42:41 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id IzHKNRY5oh17 for <1012@bugs.x2go.org>;
	Wed, 23 Mar 2016 10:42:35 +0100 (CET)
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 62A075DA93
	for <1012@bugs.x2go.org>; Wed, 23 Mar 2016 10:42:35 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 06A8BDC9;
	Wed, 23 Mar 2016 10:42:35 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 9B2B13C081;
	Wed, 23 Mar 2016 10:42:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id bRpF1WF5BwdU; Wed, 23 Mar 2016 10:42:28 +0100 (CET)
Received: from das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id AF3D13BA36;
	Wed, 23 Mar 2016 10:42:28 +0100 (CET)
Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de
 [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Wed, 23 Mar 2016 09:42:28 +0000
Date: Wed, 23 Mar 2016 09:42:28 +0000
Message-ID: <20160323094228.Horde.E8ayiECPO7JqLxstEtnkPxh@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Stefan Baur <X2Go-ML-1@baur-itcs.de>
Cc: 1012@bugs.x2go.org
References: <20160322111457.Horde.Hg9FaccmAt5vBIUkY4EzXqq@mail.das-netzwerkteam.de>
 <56F24E54.7010603@baur-itcs.de>
In-Reply-To: <56F24E54.7010603@baur-itcs.de>
User-Agent: Horde Application Framework 5
Accept-Language: de,en
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 178.62.101.154
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Firefox/38.0 Iceweasel/38.6.1
Content-Type: multipart/signed; boundary="=_1_pE6aFK1CVDRZ3_G6vxRxP";
 protocol="application/pgp-signature"; micalg=pgp-sha256
MIME-Version: 1.0

This message is in MIME format and has been PGP signed.

--=_1_pE6aFK1CVDRZ3_G6vxRxP
Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Stefan,

On  Mi 23 M=C3=A4r 2016 09:05:40 CET, Stefan Baur wrote:

> Am 22.03.2016 um 12:14 schrieb Mike Gabriel:
>> Where do you actually have the X2Go Broker installed? On both X2Go
>> Servers? This is a non-recommended setup.
>>
>> The recommended setup is:
>>
>>   on broker machine, several X2Go Servers
>>
>> or
>>
>>   two broker machines (with DNS round robin), several X2Go Servers
>
> What's the reason for this?
>
> Our idea was to install the broker on all X2Go Servers, and have one
> Round-Robin-DNS entry for the broker connection, as well as separate
> names for the servers themselves.
>
> broker.example.com -> 192.168.0.10, 192.168.0.20 #RRDNS
> primarynode.example.com -> 192.168.0.10
> secondarynode.example.com -> 192.168.0.20
>
> Is this still a bad idea, and if so, why?

If you setup the complete broker <-> broker-agent functionality, the=20=20
broker=20becomes quite powerful. The software design should be safe=20=20
regarding=20privilege handling.

However, I personally prefer to have the broker on a machine where=20=20
users=20won't get a login shell. It is just a gut feeling. In theory, it=20=
=20
should=20be safe having the broker on X2Go Servers. But still...

Mike


--=20

DAS-NETZWERKTEAM
mike=20gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=3Dm.gabriel=
%40das-netzwerkteam.de

--=_1_pE6aFK1CVDRZ3_G6vxRxP
Content-Type: application/pgp-signature
Content-Description: Digitale PGP-Signatur
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJW8mUEAAoJEJr0azAldxsxHFUP/0uNVpXqTwOE5/dpJVwKDyCO
An3MpAEuwh5DJNYc8qlTbMFihIBeEho7TViQzpCQH+D5OBLnuG+KolWy8B7FpytP
bzIqt+qsg6P5NRCYZVqbAZuJdJNf9ZVA+kU+DjD+d5bNRQ7o7Kwn6YsEHYMnBCE8
CkEcgfb++zwdLreMPX6WLeSnzYTwOmCUnaalzfFw3ZbrWO7y73z+04lcvm7jAip8
wxyOtltaBqgUfNO3bot0+Tb6wPTmcoKAbrobL0qEkAW31osxA+Z37ICwP2WCqECm
SdjsrACP5NaA5sZcm0E+yf97WBvpcDB3bdgoweqsUCG18jhfTWKNt6Cm2HYmA1sT
2SIwVgAlCDXx8inqeAoRjfmOHwrV4z+Y7FOEdiTFXepTE1HbwvgzsgLqemvIPTIo
U+eZ/3NVPJAapyUOb0nAHg2Er5KIK1TWd8e8q2+gACtxBH0ysNXmKef7P3B7CgS/
EQv2Qd/YE1MYBR0jcx8OBKocvKn/lwz321sS71OXCFoQ6CBRC7jcflrkz78huvZc
q4SF/mm4VSYC2JX0tdvSwwSfOImDMm+laeXGtdk6fwT19O6tZoeMALbu8x1RFAGB
yFX3xpYEr2twFS/8/uNus5c+uCcEbIdGOrMxO1oZE2fEB+6pdedBtR5bRP0ruaSX
h/pzeogh5cxfuEIEi15q
=Tw+i
-----END PGP SIGNATURE-----

--=_1_pE6aFK1CVDRZ3_G6vxRxP--