Hi Stefan,

On  Mi 23 Mär 2016 09:05:40 CET, Stefan Baur wrote:

> Am 22.03.2016 um 12:14 schrieb Mike Gabriel:
>> Where do you actually have the X2Go Broker installed? On both X2Go
>> Servers? This is a non-recommended setup.
>>
>> The recommended setup is:
>>
>>   on broker machine, several X2Go Servers
>>
>> or
>>
>>   two broker machines (with DNS round robin), several X2Go Servers
>
> What's the reason for this?
>
> Our idea was to install the broker on all X2Go Servers, and have one
> Round-Robin-DNS entry for the broker connection, as well as separate
> names for the servers themselves.
>
> broker.example.com -> 192.168.0.10, 192.168.0.20 #RRDNS
> primarynode.example.com -> 192.168.0.10
> secondarynode.example.com -> 192.168.0.20
>
> Is this still a bad idea, and if so, why?

If you setup the complete broker <-> broker-agent functionality, the  
broker becomes quite powerful. The software design should be safe  
regarding privilege handling.

However, I personally prefer to have the broker on a machine where  
users won't get a login shell. It is just a gut feeling. In theory, it  
should be safe having the broker on X2Go Servers. But still...

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de