OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
Thin client solution based on OpenBSD
Contributed by phessler on Fri Oct 26 14:01:20 2012 (GMT)
from the bang-the-drum-all-day dept.

OpenBSD developer Robert Nagy writes in to tell us about how they use OpenBSD at work:

The m:tier thin client is a small application written in Python that can be executed as a window manager replacement. It provides a clean UI for the thin client hardware in order to allow the user to easily execute all the needed applications. We have been using thin client hardware from IGEL to have a simple and usable hardware base for our thin client. The machine itself is a really simple i386 machine with enough power to support most of the needs. As usual, we have chosen OpenBSD as the operating system because of its simplicity and the fact that it’s the most secure and sane operating system out there.

In most areas thin clients are being used in offices where there can be a central server which is used by the clients to boot using pxeboot for example. In this case every time the machine gets rebooted, a clean environment will be provided for the users. Our goal was to create a thin client which can be updated and managed over the internet, but still keeping the ability to have a clean environment after a reboot. In order to achieve this we have modified the rc(8) system of OpenBSD to use memory file systems on the those parts of the system where writing data somewhere is necessary. In our setup /tmp, /home, /var/log and /var/db is always a memory filesystem. All of these memory filesystems are created on boot to have a clean start except for /var/db which gets synchronized with the on-disk data before it is being used by anything. After the filesystem setup we make sure that we populate the /home directory properly for the “thin” user, which is being used by the thin client to launch an X server and the thin client software itself.

ttyC5   "/usr/bin/su - thin -c /usr/X11R6/bin/xinit" xterm on secure

install -d -o thin -g users -m 750 /home/thin
cat < /home/thin/.xinitrc
xsetroot -cursor_name left_ptr
(cd /usr/local/thinclient; ./thinclient)

As you can see the rc.local can be used to populate the home directory for the thin user to have all the necessary configuration files. After rc.local has finished running, the rc(8) script makes the whole / filesystem read-only because we do not need to write to it at all. Doing this also ensures that if the machine gets reset there will be no need to run fsck(8) and that our system will always be consistent with what we want.

The thin client software is really simple and by default it includes support for three default applications: OpenNX, Remmina and Chromium. These are the most commonly used application types on a thin client because most of the time users only use these clients to connect to other machines or just to browse the internet.

The client also has two indicators so that the user can see if the network connection and a VPN connection are up (if configured). The client regularly watches network traffic on the configured interface and also checks IPSec flows to indicate if there is a VPN tunnel running:

The client also includes a clock and a date indicator and support for rebooting and shutting the thin client down.

We have chosen OpenNX and Remmina to support remote connections to other machines because these programs include basically all needed protocols: NX, RDP, VNC and so on.

In the background a puppet client is running checking a master server over the internet using the machine’s UUID to authenticate itself to the puppet master server in order to get updates over the internet. Since the / filesystem is mounted read-only each time an update has to be applied the filesystem gets remounted read-write so that the changes can be made and then it gets remounted read-only to protect the consistency of the system.

For more details on this delightful system, please check out the homepage at


<< EuroBSDCon 2012 wrap up | Reply | Flattened | Expanded | OpenBSD 5.2 released >>

Threshold: Help

Related Links
more by phessler

  Re: Thin client solution based on OpenBSD (mod 2/34)
by Predrag Punosevac (Oko) ( on Sun Oct 28 20:41:51 2012 (GMT)
  Great post! Is there any chance that we see soon m:tier thin client in ports tree? Could you also explain the rational behind using OpenNX and Remmina? I was not aware of Remmina before so I did a bit of search. It appears that Remmina does support NX protocol although relaying on OpenSSH rather on proprietary forked SSH version. Is there anything wrong with it? I am a heavy user of OpenNX and occasional user of VNC (SSVNC) and RDP. Having a single client for multiple protocols is very appealing to me.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Thin client solution based on OpenBSD (mod 5/29)
by mkucharski (mkucharski) ( on Mon Nov 5 02:18:09 2012 (GMT)
  Robert, what are you using on the server side of NX?
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Thin client solution based on OpenBSD (mod 0/0)
by Felicity KeFith (keFith520) ( on Tue May 30 08:31:17 2017 (GMT)
Felicity KeFith
  Make a list. Sit down and brainstorm a subscriber base of talk like dirty. Phrases, sentences, single words - writing. Just make them all hot and scummy. Write down every dirty word an individual ever experienced. If you start to blush when you are writing out your list, then you know you're on accurate track.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]