[FreeNX-kNX] Problems With FreeNX and PAM-SecurID/RSA Authentication

chris at ccburton.com chris at ccburton.com
Thu Apr 5 11:13:15 UTC 2012 

freenx-knx-bounces at kde.org wrote on 04/04/2012 18:38:29:

> Members,
> 
> I've been having issues with getting any of my NX clients to properly 
> authenticate against the FreeNX server on a remote machine. I have 
> enabled SSH only--per our security directives--because we use SecurID 
> PIN+token authentication for our SSH connections. Here's the behavior I 
> get when I use nxnode-login to test:
> 
> [root at s4pt pam.d]# nxnode-login ssh pvirgo 22 nxnode --check
> can't read "expect_out(1,string)": no such variable
>      while executing
> "set password $expect_out(1,string)"
>      (file "/usr/bin/nxnode-login" line 57)
> [root at s4pt pam.d]#
> 
> This would happen if I were to attempt to put in the SecurID PIN+token 
> combo, so I figured I was 'tripping' something that the expect script 
> couldn't handle, but then I went ahead--on a second attempt--and typed a 

> carriage return, and got this:
> 
> root at s4pt pam.d]# nxnode-login ssh pvirgo 22 nxnode --check
> 
> 
*******************************************************************************
> *  This US Government computer is for authorized users only.  By 
> accessing    *
> *  this system you are consenting to complete monitoring with no 
> expectation  *
> *  of privacy.  Unauthorized access or use may subject you to 
> disciplinary    *
> *  action and criminal 
> prosecution.                                           *
> 
*******************************************************************************
> Enter PASSCODE:
> 
> which would make sense, but when typing the PIN+token, I just get the 
> characters echo'ed back and the prompt just sits there. I feel like I'm 
> closer to getting this working. Was wondering if anyone had any 
> ideas/suggestions? Do I need to manipulate something within the expect 
> script portion somewhere?
> 
> Thanks.


Try editing nxnode-login, find the following (about line 72)


               "Are you sure you want to continue connecting (yes/no)?" { 
send "yes\r" }
               "assword*:"  { sleep 0.3; send "$password\r" }

and ADD this line underneath:-
                   "Enter PASSCODE:"  { sleep 0.3; send "$password\r" }

It might work. I don't have one to test.

> 
> 
> 
> 
> -- 
> Paul E Virgo
> Sr. System Administrator
> Code 610
> SESDA II - DAAC/DISC
> Goddard Space Flight Ctr
> Greenbelt, MD 20771
> (301) 614-5751
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120405/2227c68f/attachment.html>

More information about the FreeNX-kNX mailing list