diff options
| author | runge <runge> | 2007-04-28 23:27:00 +0000 |
|---|---|---|
| committer | runge <runge> | 2007-04-28 23:27:00 +0000 |
| commit | 3fcab6f1ec5238977b28d5d6f5fbae365b1254fa (patch) | |
| tree | 1b8b1e6e6c5663baa3f548ca6d0cd431c8e27f4c /x11vnc/help.c | |
| parent | 2d0b184f8b99b5f60a8c4f94bfc42ebf96dbc9b3 (diff) | |
| download | libvncserver-3fcab6f1ec5238977b28d5d6f5fbae365b1254fa.zip libvncserver-3fcab6f1ec5238977b28d5d6f5fbae365b1254fa.tar.gz | |
x11vnc: -users sslpeer= option. RFB_SSL_CLIENT_CERT, -ncache 10 default
Diffstat (limited to 'x11vnc/help.c')
| -rw-r--r-- | x11vnc/help.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/x11vnc/help.c b/x11vnc/help.c index 25390c1..a13e146 100644 --- a/x11vnc/help.c +++ b/x11vnc/help.c @@ -869,7 +869,8 @@ void print_help(int mode) { "\n" " In this mode you can set X11VNC_SKIP_DISPLAY to a comma\n" " separated list of displays (e.g. \":0,:1\") to ignore\n" -" in the finding process.\n" +" in the finding process. This can also be set by the\n" +" user via \"nd=\" using \"-\" instead of \",\"\n" "\n" " An interesting option is WAIT:cmd=FINDCREATEDISPLAY\n" " that is like FINDDISPLAY in that is uses the same method\n" @@ -906,6 +907,10 @@ void print_help(int mode) { "\n" " Where /.../x11vnc is the full path to x11vnc.\n" "\n" +" If for some reason you do not want x11vnc to ever\n" +" try to find an existing display set the env. var\n" +" X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (also -env ...)\n" +"\n" " Use WAIT:cmd=FINDCREATEDISPLAY-print to print out the\n" " script used. You can specify the preferred order via\n" " e.g., WAIT:cmd=FINDCREATEDISPLAY-Xdummy,Xvfb,X and/or\n" @@ -1643,6 +1648,28 @@ void print_help(int mode) { " If you want to limit which users this will be done for,\n" " provide them as a comma separated list after \"unixpw=\"\n" "\n" +" Similarly, in -ssl mode, if \"-users sslpeer=\" is\n" +" supplied then after an SSL client authenticates with his\n" +" cert (the -sslverify option is required for this) x11vnc\n" +" will extract a UNIX username from the \"emailAddress\"\n" +" field (username@hostname.com) of the \"Subject\" in the\n" +" x509 SSL cert and then try to switch to that user as\n" +" though \"-users +username\" had been supplied. If you\n" +" want to limit which users this will be done for, provide\n" +" them as a comma separated list after \"sslpeer=\".\n" +" Set the env. var X11VNC_SSLPEER_CN to use the Common\n" +" Name (normally a hostname) instead of the Email field.\n" +" NOTE: the x11vnc administrator must take great care\n" +" that any client certs he adds to -sslverify have the\n" +" correct UNIX username in the \"emailAddress\" field\n" +" of the cert. Otherwise a user may be able to log in\n" +" as another. The following command can be of use in\n" +" checking: \"openssl x509 -text -in file.crt\", see the\n" +" \"Subject:\" line. Also, along with the normal RFB_*\n" +" env. vars. (see -accept) passed to external cmd=\n" +" commands, RFB_SSL_CLIENT_CERT will be set to the\n" +" client's x509 certificate string.\n" +"\n" " To immediately switch to a user *before* connections\n" " to the X display are made or any files opened use the\n" " \"=\" character: \"-users =bob\". That user needs to\n" @@ -2175,6 +2202,8 @@ void print_help(int mode) { " for rapid retrieval. So a W x H frambuffer is expanded\n" " to a W x (n+1)*H one. Use 0 to disable. Default: XXX.\n" "\n" +" The \"n\" is actually optional, the default is 10.\n" +"\n" " For this and the other -ncache* options below you can\n" " abbreviate \"-ncache\" with \"-nc\". Also, \"-nonc\"\n" " is the same as \"-ncache 0\"\n" |
