Auth value in NXS file

Forums / General Discussions / Auth value in NXS file

This topic contains 1 reply, has 2 voices, and was last updated by Avatar Shoti 2 months, 3 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #23027
    Avatar
    mattdall
    Participant

    To pre-configure a session for saving a user/password, based on instructions (https://www.nomachine.com/DT10O00160#2.1. and https://www.nomachine.com/AR01C00125)

    it states that ” While this feature can be very useful in many scenarios, it must be noted that saving the password in the configuration file makes it possible for any user to have access to the physical computer to steal the password and get access to the NX server with the user’s credentials. For this reason the option is turned off by default.”

    Where do you enable this option which configuration file?

     

    #23032
    Avatar
    Shoti
    Contributor

    Hi mattdall,

    First of all, let me note one thing: for security reasons, sensitive data is never transmitted from the server-side to the client-side. This means that even if the password is set in the connection file stored on the Web Player host, it will never be used for automatic log-in. To use a pre-configured password is therefore necessary to provide the connection file to the user and save it on his/her computer. It’s the default behavior of NXS for a web session.

    “Where do you enable this option which configuration file”

    That simply means that nxplayer will not save credentials in an NXS file without clicking the “Save this password in the connection file” link in the authentication panel.

    So we can say that this configuration file is NXS file itself. But this is not relevant here, as we are talking about web sessions.

    For web sessions, as written above, sensitive data is never transmitted from the server-side to the client-side. It cannot be modified for security reasons, while properly configured NXS file stored on a client-side will trigger automatic log-in procedure for web sessions – it’s a default behavior as well.

    Note: Please, also check the “EnableClientCredentialsStoring” from the server configuration file, it seems this key will be useful for you.

Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.