Our documentation for /vsmserver/allowed_clients is not particularly helpful in explaining what the setting is for:
> A space-separated list of hosts from which privileged operations
> are allowed. The default (empty) allows localhost to do this.
> Privileged operations are for example to deactivate a session,
> something that should be allowed by the host running the ThinLinc
> Web Administration service.
The comment in vsmserver.hconf is even worse:
> # Only allow connections from clients in this space-separated list for priv
> # operations localhost and hostname IP are always allowed.
We should change this to something that makes it very clear to an admin when this value needs to be set and to what.
Perhaps even remove or hide it?