From xypron.glpk@gmx.de  Tue Sep 25 15:11:00 2012
Cc: oleksandr.shneyder@obviously-nice.de
Content-Type: text/plain; charset="utf-8"
Date: Tue, 25 Sep 2012 15:10:58 +0200
From: "glpk xypron" <xypron.glpk@gmx.de>
In-Reply-To: <20120925102525.15264n2buhtuy73p@mail.das-netzwerkteam.de>
Message-ID: <20120925131058.196020@gmx.net>
MIME-Version: 1.0
References: <505CC771.20300@gmx.de>
 <handler.34.B34.13482576789462.ackinfo@bugs.x2go.org> <505D9F99.10808@gmx.de>
 <505DA7B4.3030909@informatik.uni-erlangen.de> <505F6DDB.1070304@gmx.de>
 <5060251D.90202@informatik.uni-erlangen.de> <20120924132602.316510@gmx.net>
 <50607239.5090308@informatik.uni-erlangen.de> <5060CF1E.20700@gmx.de>
 <5060EA24.7070600@obviously-nice.de> <20120925030819.309160@gmx.net>
 <20120925102525.15264n2buhtuy73p@mail.das-netzwerkteam.de>
Subject: Re: [X2Go-Dev] Bug#34: SSH_OPTIONS_FD
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 34@bugs.x2go.org

Hello Mike,

in enterprise settings it is good practice to require authentication at the proxy to be able to log which user is doing what.

Best regards

Heinrich

-------- Original Message --------
> Date: Tue, 25 Sep 2012 10:25:25 +0200
> From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
> To: glpk xypron <xypron.glpk@gmx.de>, 34@bugs.x2go.org
> CC: Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
> Subject: Re: [X2Go-Dev] Bug#34: SSH_OPTIONS_FD

> Hi,
> 
> On Tue 25 Sep 2012 05:08:19 CEST glpk xypron wrote:
> 
> > I am not aware of proxies being contacted over https.
> 
> Hmmm... this indeed is true... The feature will mostly be an  
> inside-to-outside connection. Hmmm... To get it clear, would we send  
> http-proxy authentication strings in cleartext to the proxy server or  
> would we send the remote X2Go server credentials to the proxy in  
> cleartext?
> 
> Sending proxy auth in cleartext probably is common practice (?). Most  
> proxy setups do not even need an auth-against-the-proxy.
> 
> This feature clearly needs good documentation so that we do not get  
> false security alarms on the mailing lists!!!
> 
> Mike
> 
> 
> -- 
> 
> DAS-NETZWERKTEAM
> mike gabriel, rothenstein 5, 24214 neudorf-bornstein
> fon: +49 (1520) 1976 148
> 
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
> 
> freeBusy:
> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
