Supporting SSL client authentication for connections by NX protocol

ID: FR09M02964 Priority: Low
Products: NoMachine Server Target: 5
Status: Implemented  

NoMachine should support SSL client authentication for connections by NX protocol.

With client authentication a client side certificate is used by NoMachine service, nxd, to validate the client identity agains a list of allowed clients.

The certificate can be an individual certificate to grant access on a per-user or per-host basis or can be a global one distributed among all users or client host machines.

This feature request applies to connections by NX protocol and requires a new key in the server configuration file:


#
# Enable or disable support for SSL client authentication in the NX
# service.
#
# 1: Enabled. The NX service, nxd, uses the client side certificate
#    to validate the connecting client against a list of allowed
#    clients. Only clients owning a certificate valid for this NX
#    service can authenticate with this method.
#
# 0: Disabled. Authentication by using a client side certificate
#    is not possible.
#
# This option applies to connections by NX protocol only and it's
# disabled by default.
#
#EnableNXClientAuthentication 0