[FreeNX-kNX] One-time password authentication question

Nick Owen nowen at wikidsystems.com
Tue Jan 24 21:44:07 UTC 2006


Nick Owen wrote:
> Schumacher, Felix wrote:
>> Hello,
>>
>> Zitat von Nick Owen <nowen at wikidsystems.com>:
>>
>>> I set up FreeNX on a server that already had PAM set up for WiKID auth
>>> via radius.  The setting was for "sufficient" so ssh worked with both
>>> passwords and the OTP.  FreeNX worked only with the passwords though.
>>> The first password request works, but it appears that FreeNX makes
>>> additional credential validation requests to the auth server, which of
>> FreeNX (at least in Version 0.4.5) does check your password against
>> multiple
>> authentication daemons. Which can't be done with one time passwords.
>> So you
>> have to force FreeNX to use your authentication service.
>> This could be done by using atached patch. It adds a configuration option
>> FORCE_LOGIN_METHOD=SSH in node.conf.
>> The other part sets the value LOGIN_SUCCESS=1, the LOGIN_METHOD to the
>> value of
>> FORCE_LOGIN_METHOD and in case of SSH, it exports COMMAND_SSH.
>>
>> Hope this helps
>>  Felix

Thanks to Felix for this patch, which I did get working and solved the
problem.  It would be great if this patch were included in the FreeNX
server.

I have a short how-to on what worked for me:

http://www.wikidsystems.com/howtos/2_factor_vnc/, which will work with
any pam_radius or pam_tacacs setup.

Thanks,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge.net/projects/wikid-twofactor/



More information about the FreeNX-kNX mailing list