RHEL / RHEL-106950

[RFE] Add option to disable RDP authentication in gnome-remote-desktop


    • Story
    • Resolution: Unresolved
    • gnome-remote-desktop
    • rhel-display-window-mgmt

      Goal

      • As a developer, I want to log in to my RHEL 10 developer workstation with GNOME Remote Desktop without RDP authentication, so that I don't have to authenticate twice (first for RDP and second at GDM) as this is experienced to be very inconvenient.

      Acceptance criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • The need to use RDP login credentials can be disabled
        • Best option would be to do this at build time
        • Second best option would be to disable it during deployment
        • Third best option would be to disable it at runtime, either automatically using Ansible or manually
      • User uses the RDP client application included in Microsoft Windows to connect to GNOME remote desktop without the need to provide RDP login credentials
      • The RDP session will be established and the GDM login screen appears
      • The user can authenticate to GDM using username/password from some supported identity provider (IdP)

      Additional information and business justification

      Together with our customer I have identified a valid area for improvement in gnome-remote-desktop's design from a user experience and practical security perspective. Here are five key arguments to add an option to disable the separate RDP login credentials, particularly when targeting the GDM login screen:

      1. Reduces User Friction and Improves Usability for Single-User Desktops:

      For the vast majority of personal or single-user desktop setups, requiring a second authentication step before reaching the GDM login screen is redundant and inconvenient. It creates an unnecessary barrier, forcing users to input credentials twice. Disabling this option would streamline the remote login process, making gnome-remote-desktop more user-friendly for its primary target audience.

      2. Mitigates the Risk of Credential Reuse and Weakened Security:

      When faced with two login prompts for the same machine, many users will simply reuse the same username and password for both the RDP pre-authentication and the GDM login. This effectively nullifies any theoretical "layered security" benefit, as a successful brute-force attack on one layer immediately grants access to the other. Removing the redundant RDP credential requirement would encourage users to focus on securing their single, primary GDM/Linux user credentials with a strong, unique password, leading to better overall security practices.

      3. Aligns with "Network-First" Security Philosophy:

      The most robust security for RDP comes from network-level controls (firewalls, VPNs) that prevent unauthorized access before it even reaches the RDP service. If a system is properly secured at the network layer (e.g., RDP port only open to specific IPs, or accessible only via VPN), the need for a redundant, weak username/password pre-authentication becomes negligible. Providing an option to disable it acknowledges that the primary security measures should reside at the network perimeter.

      4. Simplifies Configuration and Reduces Potential for Misconfiguration:

      Having a separate set of RDP credentials adds another layer of complexity to setup and troubleshooting. Users might forget which password belongs to which layer, or encounter issues with keyring integration if the RDP password isn't handled correctly. An option to disable it would simplify the configuration process, reducing potential pitfalls and support queries related to double authentication.

      5. Enhances Integration with Other Authentication Methods (Future-Proofing):

      While not directly supported by gnome-remote-desktop's default RDP implementation, the trend in enterprise environments is towards stronger authentication methods like multi-factor authentication (MFA) or Kerberos. These are typically integrated at the GDM/PAM level. If a user enables MFA at GDM, forcing a preceding RDP username/password only adds an unnecessary, weaker step. Allowing the RDP layer to be effectively "transparent" until GDM would facilitate cleaner integration with more advanced authentication mechanisms without requiring redundant, less secure preliminary steps.

              jadahl@redhat.com Jonas Ådahl
              rhn-support-jkastnin Joerg Kastning
              Jonas Ådahl Jonas Ådahl
              Radek Duda Radek Duda