Test Environment:
i.MX8MP EVK
L6.6.52(weston12)
Background
The current RDP backend supports only TLS authentication; it does not support NLA or PAM password authentication. As a result, RDP connection security is very low, and a user can even log in remotely without the correct username and password.
This article implements NLA and PAM password authentication based on the weston RDP backend, with support for a customized user and login.
1. Patches
Patch weston-imx with add_rdp_pam_nla_support.patch
Patch meta-imx with add_pam_support_and_weston_user.patch
2. Generate keys on Ubuntu
Rename the generated key files to server.crt and server.key.
sudo apt-get install winpr-utils
winpr-makecert -rdp -path ~/
Copy server.crt and server.key from Ubuntu to /etc/freerdp/keys/ on the i.MX board.
3. Enable start-on-startup=true in weston.ini
4. Install Remmina on Ubuntu.
5. Generate the SAM file on the board and on Ubuntu: /etc/winpr/SAM (SAM is a file, not a directory), and copy the hash into /etc/winpr/SAM.
The username weston and its password are set in add_pam_support_and_weston_user.patch.
username: weston
passwd: weston
domain: domain
$ winpr-hash -u weston -d domain -p weston -v1 -f sam
weston:domain::b2ca4ec6a1dbd13c49b6ab5e1b10d5bf:::
$ vi /etc/winpr/SAM
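As a check after step 5, the following shell function (an added example, not part of the original article or its patches) verifies that the SAM path is a regular file, that group and others have no access to it, and that every entry has the shape of the winpr-hash line shown above. The function name check_sam and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a WinPR SAM file, e.g. check_sam /etc/winpr/SAM
# Entry layout is inferred from the winpr-hash output shown in step 5:
#   user:domain:<empty>:<32 hex digits>:::
# Return codes (assumed for this example): 0 ok, 1 unusable, 2 loose permissions.
check_sam() {
    sam="$1"
    rc=0
    # The article stresses that SAM is a file, not a directory.
    if [ -d "$sam" ]; then
        echo "FAIL: $sam is a directory, expected a regular file"
        return 1
    fi
    if [ ! -f "$sam" ]; then
        echo "FAIL: $sam does not exist"
        return 1
    fi
    # The file holds password hashes: group/other permission bits should be empty.
    perms=$(ls -ld "$sam" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN: $sam is accessible to group/other ($perms), use chmod 600"
        rc=2
    fi
    # Each non-empty line needs 7 colon-separated fields, a user name,
    # and a 32-hex-digit hash in field 4. Report offending line numbers.
    bad=$(awk -F: '
        NF == 0 { next }
        NF != 7 || $1 == "" || $4 !~ /^[0-9A-Fa-f]+$/ || length($4) != 32 {
            printf "%d ", NR
        }' "$sam")
    if [ -n "$bad" ]; then
        echo "FAIL: malformed entries on line(s): $bad"
        return 1
    fi
    # An empty SAM file means no user can pass NLA.
    n=$(awk -F: 'NF == 7' "$sam" | wc -l)
    if [ "$n" -eq 0 ]; then
        echo "FAIL: $sam contains no entries"
        return 1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $sam ($n entries)"; fi
    return "$rc"
}
```

Run it on both the board and the Ubuntu client, since step 5 creates the file in both places.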
6. Access with Remmina on Ubuntu.
7. Result