What is System Authentication?
System Authentication means that RealVNC Viewer users can authenticate to RealVNC Server using the same credentials they normally use to log on to their user account on the RealVNC Server computer.
The system authentication scheme (labelled Windows password, Mac password or UNIX password) is both secure and convenient:
- System administrators often implement rules such as password complexity and ageing in enterprise environments to meet organisational security policies
- Users can authenticate using already-familiar credentials, and don’t have to remember yet another password.
*You can combine this authentication scheme with others in order to specify multi-factor authentication for RealVNC Server.
Setting up System Authentication
The user account of each prospective RealVNC Viewer user must be registered with RealVNC Server. Certain admin groups are pre-registered, to enable connectivity out-of-the-box. This may mean no set up is required, especially under Windows and macOS.
To authenticate to RealVNC Server, a RealVNC Viewer user can supply the credentials:
- Under any platform, of a local user account (that is, one set up directly on the computer).
- Under Windows and macOS, providing the computer is joined to a domain, of a domain user account (one that is managed by a network service such as Active Directory). Note that prior configuration is required under Linux; see below.
- Under Windows 8 or later, if the local user account is linked to a Microsoft account, the email address and password of the linked Microsoft account.
If you are unsure of the username to use, please see this article.
Setting up domain accounts under Linux
When RealVNC Server is installed on Linux platforms, a suitable PAM library checking credentials against the local database store only is automatically referenced.
To configure RealVNC Server to allow authentication with domain accounts, the below steps will enable a basic configuration to achieve this:
/etc/pam.d/vncserver.customwith the below contents, depending on your operating system:
RHEL / CentOS
auth include password-auth
account include password-auth
session include password-auth
/etc/vnc/config.d/common.customand add the line:
- Restart RealVNC Server.
For Service Mode, run the command:
sudo systemctl restart vncserver-x11-serviced
- Connect with RealVNC Viewer and try authenticating with domain credentials. Note: you may need to qualify usernames with the domain name, for example
If you are unable to authenticate with domain credentials after following these steps, please contact Support.
Registering domain accounts with RealVNC Server
If the domain accounts you are using are not part of any built-in or local groups on the computer running RealVNC Server, domain accounts must be registered with RealVNC Server in the standard way, either by:
- Setting the RealVNC Server Permissions parameter.
- Opening RealVNC Server’s Options > Users & Permissions page and following these instructions.
You may need to qualify usernames with the domain name, for example
DEV.ACMECORP.COM\johndoe. Note that connecting users may also need to supply the user name qualified in this way too.