--- /dev/null
+# This openssl configuration file is used to auto generate a self signed
+# certificate for the -X509Cert and -X509Key options of the Xtigervnc server.
+# The magic @HostName@ value is substituted by the fully qualified domain name
+# of the machine. The openssl command used to auto generate the certificate is
+# specified in /etc/vnc.conf with the $sslAutoGenCertCommand option.
+#
+# If the user wants their own certificate, instead of the on demand auto
+# generated one, they can either specify it via the -X509Cert and -X509Key
+# options to tigervncserver or replaces the auto generated files
+# ~/.vnc/${HOSTFQDN}-SrvCert.pem and ~/.vnc/${HOSTFQDN}-SrvKey.pem in their
+# home directory. These files will not be overwritten once generated by the
+# tigervncserver wrapper script.
+
+RANDFILE = /dev/urandom
+
+[ req ]
+default_bits = 4096
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+prompt = no
+policy = policy_anything
+req_extensions = v3_req
+x509_extensions = v3_req
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This option specifies the digest algorithm to use. Possible values include
+# md5 sha1 mdc2. If not present then MD5 is used. This option can be overridden
+# on the command line.
+default_md = sha256
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+[ req_distinguished_name ]
+commonName = @HostName@
+
+[ v3_req ]
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+nsCertType = server
+
+# This is typical in keyUsage for a client certificate.
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+keyUsage = digitalSignature, keyEncipherment
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = @HostName@
+DNS.2 = localhost
--- /dev/null
+# /etc/vnc.conf written by Joachim Falk. This file is in the Public Domain.
+#
+# This is the configuration file for the tigervnc-standalone-server package.
+# It is Perl syntax and is source from the tigervncserver script.
+# Every value has suitable defaults, so you probably don't need any modifications.
+#
+# After this file, $(HOME)/.vnc/vnc.conf will be sourced, so values can be
+# overwritten on a per-user basis. If you want to reactivate the default
+# value there, you have to specify an undef value. For example, $fontPath
+# will set to the default value after
+#
+# $fontPath = "/foo";
+# $fontPath = undef;
+#
+# If you are missing something, please let me know.
+# joachim.falk@gmx.de
+
+# System configuration
+# --------------------
+#
+# This section contains entries that should be true for all users.
+
+# $vncClasses should be the path to the java classes of the VNC server.
+# $baseHttpPort is the port base for the http server. For display :nn
+# $vncClasses will be served on port $baseHttpPort + nn
+#
+# Default: $vncClasses = "/var/www/vnc"; # if /var/www/vnc is present.
+# Default: $baseHttpPort = undef; # disables the http server
+
+# $XFConfigPath can be set to the global XF86Config file. This will be
+# parsed to gain a default value for $fontPath. If you want
+# to disable this feature, point it to an invalid file,
+# "/invalid" for example.
+# $XFConfigPath = "/etc/X11/xorg.conf";
+
+# $fontPath should be a comma separated list of fonts to be added to the font
+# path. If not specified, and $XFConfigPath is valid, vncserver
+# will read the $fontPath from there. If both are not set, the
+# default will apply.
+# Example:
+# $fontPath = "tcp/localhost:7100"; # would force Xtigervnc to use xfs.
+# Example:
+# $fontPath = "";
+# $fontPath .= "/usr/share/fonts/X11/misc,";
+# $fontPath .= "/usr/share/fonts/X11/cyrillic,";
+# $fontPath .= "/usr/share/fonts/X11/100dpi/:unscaled,";
+# $fontPath .= "/usr/share/fonts/X11/75dpi/:unscaled,";
+# $fontPath .= "/usr/share/fonts/X11/Type1,";
+# $fontPath .= "/usr/share/fonts/X11/100dpi,";
+# $fontPath .= "/usr/share/fonts/X11/75dpi,";
+#
+# Default: $fontPath = undef; # Use Xtigervnc built-in default font path.
+
+# Use Xtigervnc built-in default font path even if $XFConfigPath is present
+# and contains FontPath directives.
+$fontPath = undef;
+
+# $PAMService is the PAM service used for plain password authentication
+# if one of the security types Plain, TLSPlain, and
+# X509Plain is used.
+#
+# Default: $PAMService = "tigervnc"; # if /etc/pam.d/vnc is absent.
+# Default: $PAMService = "vnc"; # if /etc/pam.d/vnc is present.
+
+# $sslAutoGenCertCommand is used to auto generate the certificate
+# for the X509Cert and X509Key options. The configuration for
+# openssl is taken from /etc/tigervnc/ssleay.cnf where we substitute
+# @HostName@ by the fully qualified domain name of the host.
+#
+# Example: $sslAutoGenCertCommand =
+# "openssl req -newkey rsa:4096 -x509 -days 365 -nodes";
+#
+# Default: $sslAutoGenCertCommand =
+# "openssl req -newkey ec:/etc/tigervnc/ecparams.pem -x509 -days 2190 -nodes";
+
+# User configuration
+# ------------------
+#
+# This section contains entries that may change from user to user.
+# You can overwrite these settings by providing a ~/.vnc/vnc.conf
+# configuration file.
+
+# $vncUserDir contains the filename for the log files directory of Xtigervnc
+# (the server) and the viewers that are connected to it.
+#
+# Default: $vncUserDir = "$ENV{HOME}/.vnc";
+
+# $vncPasswdFile contains the filename of the password file for Xtigervnc.
+# This file is only used for the security types VncAuth,
+# TLSVnc, and X509Vnc.
+#
+# Default: $vncPasswdFile = "$vncUserDir/passwd";
+
+# $vncStartup points to a script that will be started at the very beginning.
+#
+# Default: $vncStartup = "$vncUserDir/Xvnc-session";
+$vncStartup = "/etc/X11/Xvnc-session";
+
+# $xauthorityFile should be the path to the authority file that should be used
+# by the Xtigervnc server.
+#
+# Default: $xauthorityFile = "$ENV{XAUTHORITY}" # if the env var is defined.
+# Default: $xauthorityFile = "$ENV{HOME}/.Xauthority"; # otherwise
+
+# $desktopName should be set to the default name of the desktop.
+# This can be changed at the command line with -name.
+#
+# Default: $desktopName = "${HOSTFQDN}:nn ($USER)" # Where nn is the display number.
+
+# $wmDecoration sets the adjustment of $geometry to accommodate the window decoration
+# used by the X11 window manager. This is used to fully display
+# the VNC desktop even if the VNC viewer is not in full screen mode.
+#
+# Default: $wmDecoration = "8x64";
+
+# $geometry sets framebuffer width & height. A default can be derived if the
+# tigervncserver is run in a X session -- either $ENV{DISPLAY} or the
+# session given by $getDefaultFrom -- with the -xdisplaydefaults
+# option. The geometry can also be changed at the commandline with
+# the -geometry option. Otherwise, the fixed default provided below
+# will be used.
+#
+# Default: $geometry ="1280x1024";
+$geometry = "1900x1200";
+
+# $depth sets the framebuffer color depth. Must be between 8 and 32.
+# $pixelformat sets the default pixelformat.
+# A default can be derived if the tigervncserver is run in a
+# X session -- either $ENV{DISPLAY} or the session given by
+# $getDefaultFrom -- with the -xdisplaydefaults option. The depth
+# and pixelformat can also be changed at the commandline with
+# the -depth and -pixelformat options. Otherwise, the fixed
+# defaults provided below for the two settings will be used.
+#
+# Example: $depth = "16";
+# $pixelformat = "rgb565";
+#
+# Default: $depth = "24";
+# Default: $pixelformat = undef;
+
+# $getDefaultFrom sets the display for the -xdisplaydefaults option if
+# tigervncserver is not called in an X session, i.e.,
+# the $ENV{DISPLAY} variable is not set. The -xdisplaydefaults
+# option can be used to derive values for the above three
+# options, i.e., $geometry to $pixelformat. The $getDefaultFrom
+# value will be added to the call of xdpyinfo.
+#
+# Example: $getDefaultFrom = "-display localhost:0";
+#
+# Default: $getDefaultFrom = undef;
+
+# $rfbwait sets the maximum time in msec to wait for VNC client viewer.
+# Default: $rfbwait = "30000";
+
+# $localhost should the TigerVNC server only listen on localhost for
+# incoming VNC connections.
+#
+# Example: $localhost = "yes";
+# Example: $localhost = "no";
+#
+# Default: $localhost = "yes"; # if $SecurityTypes does not contain any TLS*
+# # or X509* security types or the $SecurityTypes
+# # does contain at least on *None security type.
+# Default: $localhost = "no"; # Otherwise
+
+# $SecurityTypes a comma separated list of security types the TigerVNC
+# server will offer. Available are None, VncAuth, Plain,
+# TLSNone, TLSVnc, TLSPlain, X509None, X509Vnc, and X509Plain.
+#
+# Example: $SecurityTypes = "X509Vnc,X509Plain,TLSVnc,TLSPlain,VncAuth";
+#
+# Default: $SecurityTypes = "VncAuth" # if localhost is enabled (the default)
+# Default: $SecurityTypes = "VncAuth,TLSVnc" # otherwise
+
+# $PlainUsers a comma separated list of users that are authorized to access
+# the VNC server if the security types Plain, TLSPlain, or
+# X509Plain are used to establish the connection. The password
+# for these users are check by the system via the PAM service
+# specified via $PAMService option.
+#
+# Example: $PlainUsers = "user1,user2";
+#
+# Default: $PlainUsers only contains the user starting the tigervncserver.
+
+# $X509Cert and $X509Key contan the filenames for a certificate and its
+# key that is used for the security types X509None, X509Vnc,
+# and X509Plain.
+#
+# Default: $X509Cert is auto generated if absent and stored in
+# ~/.vnc/${HOSTFQDN}-SrvCert.pem
+# Default: $X509Key is auto generated if absent and stored in
+# ~/.vnc/${HOSTFQDN}-SrvKey.pem
+#
+# If filenames are given for $X509Cert and $X509Key either here or
+# on the commandline via -X509Cert and -X509Key options, then
+# the auto generation is disabled and the user has to take care
+# that usable certificates are present.
+
+1;
projects / zenbook / commitdiff