[FreeNX-kNX] Looking for NX and FreeNX success stories

[Bruce Stephens]

Paul van der Vlis <paul at vandervlis.nl> writes:

[...]

> The password is not verified by SSH, but by nxserver. NXserver will
> authenticate normaly to the same users as SSH is authenticating.
>
> So it is not a problem to use a SSH and not to allow passwords.
>
> Please correct me when I am wrong...

We're probably just talking about different aspects of what's going
on.  The user connects using ssh to a computer as user nx, which
starts nxserver, and that part uses public key authentication.  

Then the user sends across their name and a password (in some form),
and nxserver needs to check that password somehow.  In the copy of
nxserver I've got it's in a switch statement at about 530, and
depending on configuration it tries passdb, ssh, su, all with the
credentials passed in.  And then in server_nxnode_start it needs to
start a process as the user, and again appears to need ssh with
password authentication (or su).

(None of this is a big deal for me (or anyone, I suspect): su (off by
default) is fine on my home machine, and at work our sshd on the
gateway machine rejects passwords, but I use ssh to create a port
through that and machines inside can use passwords.  And passdb also
seems fine---potentially a bit inconvenient, I guess, and if we were
to use it at work I imagine we'd much prefer something that used LDAP,
like pam_ldap.)

[...]