Skip to content

VNC

Jump to bottom
Brent Baccala edited this page Sep 16, 2022 · 7 revisions

Many different choices exist for VNC servers and clients. Both are used as part of this system.

We have a built-in Javascript VNC client (noVNC) on BigBlueButton that connects to VNC servers, but we don't use the standard VNC authentication. Instead, the BigBlueButton server provides a session token that identifies the BigBlueButton user.

We also need VNC clients running on the server to create the "teacher mode" view where you can see all of the student desktops. There are authentication issues there too, because the teacher needs permission to view and work on student desktops. We also use the same feature to screenshare a student or teacher desktop to all of the students. There's another authentication issue there. In addition to needing permission to view the shared desktop, we also need permission to put windows (i.e, the screenshare) onto student desktops.

I currently use tigervnc to create the student desktops, since it supports UNIX domain sockets, which lets us give permission to anybody in the bigbluebutton group to access other desktops. These sockets are created in the /run/vnc directory.

We also set permissions on the student's .Xauthority files to allow the bigbluebutton group to open windows on the desktops.

I currently use the ssvnc viewer to create the screenshares and to "connect" teachers to individual student desktops (i.e, by putting a fullscreen ssvnc viewer on the teacher desktop, connected to the student desktop).

In short,

  1. noVNC viewer embedded into BigBlueButton
  2. tigervnc server to create the desktops
  3. ssvnc viewer to project one desktop onto another

Reference list of known VNC software

  • TightVNC

    Hosted at https://tightvnc.com

  • Enhanced TightVNC Viewer

    Home page: http://www.karlrunge.com/x11vnc/ssvnc.html

    Available in Ubuntu repository as package ssvnc.

    Adds a -scale option (critical for the "teacher mode" view) that isn't available in the TightVNC viewer.

    It also allows connections to be made to UNIX domain sockets or the stdin of arbitrary programs.

  • TurboVNC

    Adds authentication options to the server that might be of use to us.

    The client is Java-based and I currently can't see how to set its X11 tookit options (geometry and title), which are required when creating the "teacher mode" view.

  • TigerVNC

    Adds direct support for UNIX domain sockets, which would eliminate the need for using socat to relay UNIX domain connections to TCP sockets, nor would we need to add an access list entry preventing access to the VNC TCP ports. Only available in the repository for Ubuntu 17+.

    Has support for a -pam_service option

  • noVNC

    JavaScript VNC client, embedded into BigBlueButton.

    Its current version only supports authentication types 1 (no auth), 2 (VNC auth), 16 TightVNC (only sub-types NOAUTH and VNCAUTH), and 22 XVP (little information; might be a variant of type 2 VNC auth).

    see https://vncdotool.readthedocs.io/en/0.8.0/rfbproto.html#tight-security-type

    In particular, it does not support the UNIX Login TightVNC sub-type, which is what the TurboVNC server requires (or VeNCrypt Plain (type 19)) for PAM authentication.

Clone this wiki locally