[FreeNX-kNX] One-time password authentication question

Nick Owen nowen at wikidsystems.com
Tue Jan 17 22:22:08 UTC 2006


Thorsten Sandfuchs wrote:
> On Tue, Jan 17, 2006 at 02:07:52PM -0500, Nick Owen wrote:
>> The first password request works, but it appears that FreeNX makes 
>> additional credential validation requests to the auth server, which of 
> 
> I don't know if I understood your problem right, but I think this could be
> solved with the "nxssh"-workaround (found under nxutils in svn) by fabian (see
> Message-Id: <200507050247.22930.FabianFranz at gmx.de> for details)
> 
> 				/fux

Thanks for the tip, Thorsten, but the goal there seems to be 
password-less authentication with existing public keys (correct me if 
I'm wrong). What I want is a single password request to go out via 
radius or tacacs+. With ssh, it just goes out once. With FreeNX, it 
goes out twice, according to /var/log/secure. The auth server logs show 
the password accepted once, then rejected the second attempt as well.

Here is the detail from the time-out:

NX> 203 NXSSH running with pid: 9755
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 200 Connected to address: *ipaddress* on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
HELLO NXSERVER - Version 1.4.0-44 OS (GPL)
NX> 105 hello NXCLIENT - Version 1.5.0
NX> 134 Accepted protocol: 1.5.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: nowen
NX> 102 Password:
NX> 103 Welcome to: servername user: nowen
NX> 105 listsession --user="nowen" --status="suspended,running" 
--geometry="1400x1050x24+render" --type="unix-kde"
NX> 127 Sessions list of user 'nowen' for reconnect:

Display Type             Session ID                       Options  Depth 
Screen         Status      Session Name
------- ---------------- -------------------------------- -------- ----- 
-------------- ----------- ------------------------------


NX> 148 Server capacity: not reached for user: nowen
NX> 105 startsession --session="support" --type="unix-kde" --cache="8M" 
--images="32M" --cookie="******" --link="wan" --kbtype="pc105/us" 
--nodelay="1" --backingstore="when_requested" --geometry="1400x1019" 
--media="0" --agent_server="" --agent_user="" agent_password="******"" 
--screeninfo="1400x1019x24+render"

Killed by signal 15.

I'm guessing 'startsession' re-validates the password?  I'm running 
freenx-0.4.4-1.fdr.0 on FC4, btw.

tia,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge.net/projects/wikid-twofactor/
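
The behaviour reported in the message above (the auth server accepts the password once, then rejects the second request) is what any single-use credential backend does when a front end validates the same code twice. The sketch below is an added example, not part of the original message and not FreeNX or WiKID code: it assumes an RFC 4226 HOTP backend as a stand-in for the RADIUS/TACACS+ server, and `OneTimeBackend` and `login` are hypothetical names.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OneTimeBackend:
    """Stand-in for the RADIUS/TACACS+ auth server: each code is valid once."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.counter = 0      # next counter value the server will accept
        self.window = window  # look-ahead for tokens that ran ahead
        self.log = []         # (user, result) pairs, like the auth server log

    def validate(self, user: str, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # consume the code: a replay now fails
                self.log.append((user, "accepted"))
                return True
        self.log.append((user, "rejected"))
        return False


def login(backend, user, code, validations):
    """Hypothetical front end that sends the same password `validations` times."""
    return [backend.validate(user, code) for _ in range(validations)]


def demo():
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    single = login(OneTimeBackend(secret), "nowen", hotp(secret, 0), 1)
    double = login(OneTimeBackend(secret), "nowen", hotp(secret, 0), 2)
    return single, double


if __name__ == "__main__":
    print(demo())
```

The single-validation flow corresponds to plain ssh as described above; the double-validation flow reproduces the accepted-then-rejected pair seen in the auth server logs.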


