mailing list archives
Re: RDP, can it be done safely?
From: Marsh Ray <marsh () extendedsubset com>
Date: Thu, 10 Jun 2010 09:30:07 -0500
On 6/10/2010 9:10 AM, Thor (Hammer of God) wrote:
To be specific, it actually doesn't require a "client" cert in the
But I thought it could be configured to require a client cert?
You can configure certificate parameters on the
server in such a way that certificate trust chains must be honored
I don't get your meaning here. What cert chains would the server be
validating if not client certs? The server's own?
Or are you saying it's still the client's option to not present a client
but if you want true client authentication based on a
certificate, you would have to publish the RDP over RPC/HTTP(s) via
something like ISA where you can specifically configure a listener to
require client authentication certificates to be "presented" to the
publisher, but that's not really the same thing.
I kind of thought we had it configured something like that (but I
haven't gotten in too deep yet).
Thanks for the heads-up, I'll definitely look at this more closely as I
have some projects at work which involve MSTS and TSG.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: RDP, can it be done safely? Larry Seltzer (Jun 10)
Re: RDP, can it be done safely? Jeffrey Walton (Jun 10)
Re: RDP, can it be done safely? Thor (Hammer of God) (Jun 10)
Re: RDP, can it be done safely? Jonathan Leigh (Jun 09)
Re: RDP, can it be done safely? musnt live (Jun 11)