[FreeNX-kNX] One-time password authentication question
Nick Owen
nowen at wikidsystems.com
Tue Jan 17 22:22:08 UTC 2006
Thorsten Sandfuchs wrote:
> On Tue, Jan 17, 2006 at 02:07:52PM -0500, Nick Owen wrote:
>> The first password request works, but it appears that FreeNX makes
>> additional credential validation requests to the auth server, which of
>
> I don't know if I understood your problem right, but I think this could be
> solved with the "nxssh"-workaround (found under nxutils in svn) by fabian (see
> Message-Id: <200507050247.22930.FabianFranz at gmx.de> for details)
>
> /fux

Thanks for the tip, Thorsten, but the goal there seems to be
password-less authentication with existing public keys (correct me if
I'm wrong). What I want is a single password request to go out via
radius or tacacs+. With ssh, it just goes out once. With FreeNX, it
goes out twice, according to /var/log/secure. The auth server logs show
the password accepted once, then rejected the second attempt as well.
Here is the detail from the time-out:

NX> 203 NXSSH running with pid: 9755
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 200 Connected to address: *ipaddress* on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-44 OS (GPL)
NX> 105 hello NXCLIENT - Version 1.5.0
NX> 134 Accepted protocol: 1.5.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: nowen
NX> 102 Password:
NX> 103 Welcome to: servername user: nowen
NX> 105 listsession --user="nowen" --status="suspended,running" --geometry="1400x1050x24+render" --type="unix-kde"
NX> 127 Sessions list of user 'nowen' for reconnect:
Display Type Session ID Options Depth Screen Status Session Name
------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------
NX> 148 Server capacity: not reached for user: nowen
NX> 105 startsession --session="support" --type="unix-kde" --cache="8M" --images="32M" --cookie="******" --link="wan" --kbtype="pc105/us" --nodelay="1" --backingstore="when_requested" --geometry="1400x1019" --media="0" --agent_server="" --agent_user="" agent_password="******"" --screeninfo="1400x1019x24+render"
Killed by signal 15.

I'm guessing 'startsession' re-validates the password? I'm running
freenx-0.4.4-1.fdr.0 on FC4, btw.
tia,
Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge.net/projects/wikid-twofactor/
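
A small triage helper for transcripts like the one in the message above (an added example, not part of the original post and not FreeNX code). It reads the NX> status lines and reports how many password prompts the client saw, whether login completed, and which command was outstanding when the connection was killed. The excerpt is copied from the message with options trimmed; the name `summarize` and the reading of code 105 as the command prompt are assumptions based on this log alone.

```python
import re

# Excerpt of the client transcript quoted in the message (options trimmed).
TRANSCRIPT = """\
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-44 OS (GPL)
NX> 105 hello NXCLIENT - Version 1.5.0
NX> 134 Accepted protocol: 1.5.0
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: nowen
NX> 102 Password:
NX> 103 Welcome to: servername user: nowen
NX> 105 listsession --user="nowen" --status="suspended,running"
NX> 127 Sessions list of user 'nowen' for reconnect:
NX> 148 Server capacity: not reached for user: nowen
NX> 105 startsession --session="support" --type="unix-kde"
Killed by signal 15.
"""

STATUS = re.compile(r"^NX> (\d{3}) ?(.*)$")

def summarize(transcript):
    """Report where the exchange stopped, using only codes seen in this log."""
    prompts, login_ok, killed = 0, False, False
    last_command, replies_after = None, 0
    for raw in transcript.splitlines():
        m = STATUS.match(raw.strip())
        if not m:
            # Non-status lines: server banner or the termination notice.
            killed = killed or raw.startswith("Killed by signal")
            continue
        code, text = m.groups()
        if code == "105" and text:
            # Assumption: 105 is the prompt, followed by the client's command.
            last_command, replies_after = text.split()[0], 0
            continue
        replies_after += 1
        if code == "102":
            prompts += 1          # password requested in-band
        elif code == "103":
            login_ok = True       # welcome banner after a good password
    return {"password_prompts": prompts, "login_ok": login_ok,
            "last_command": last_command,
            "unanswered": replies_after == 0, "killed": killed}

if __name__ == "__main__":
    print(summarize(TRANSCRIPT))
```

For this transcript the summary shows one in-band password prompt, a completed login, and `startsession` left unanswered before the kill, so any second validation seen in /var/log/secure is not visible as a second prompt on the client side.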