[FreeNX-kNX] [ANNOUNCE] FreeNX 0.2.6
Fabian Franz
FabianFranz at gmx.de
Thu Nov 11 15:00:36 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I am pleased to announce FreeNX 0.2.6.
Get it from the usual location:
http://debian.tu-bs.de/knoppix/nx/freenx-0.2.6.tar.gz
It is just a bugfix release, but should increase the overall security of the
FreeNX package.
Here is the ChangeLog:
11.11.2004 FreeNX 0.2.6
* Security: Fixed a possible exploit in ssh-usage
(thanx to Sebastian Krahmer from the SuSE security team)
* Important: Public/Private key is no longer used for PAM auth mode.
The second change is the more interesting change. From now on it is possible
to use FreeNX without the second login mechanism to ever use the
public/private-key authentication.
This efficiently removes the "Single-Point-Of-Failure" often criticized by
different people.
You can now remove the public keys (see $NX_ETC_DIR/users.id_dsa.pub) from
your users ~/.ssh/authorized_keys2 as the system private key is no longer
needed to login the users.
This was implemented only now, because I had made a wrong assumption in my
head and when I tried it, it was "just working". If I had not made this wrong
assumption, you might have had that feature / bugfix 2 months earlier.
@Stefan: As this update affects just security issues, I suggest you to just
update to the new version, instead of backporting it.
Have Fun,
cu
Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBk36WI0lSH7CXz7MRAn5HAJ49l8kjWprktlNsbrrXiRpTbeHK2QCff7CK
9xyU5f0QQr+nyVgVaJ+g+W0=
=BVNd
-----END PGP SIGNATURE-----
More information about the FreeNX-kNX
mailing list