[FreeNX-kNX] One-time password authentication question
Fabian Franz
FabianFranz at gmx.de
Wed Mar 8 01:50:18 UTC 2006
Am Dienstag, 17. Januar 2006 20:07 schrieb Nick Owen:
> Greetings list:
>
> I was interested in FreeNX due to it's support for PAM, which makes
> integration with our open source one-time password system (WiKID) pretty
> easy.
>
> I set up FreeNX on a server that already had PAM set up for WiKID auth
> via radius. The setting was for "sufficient" so ssh worked with both
> passwords and the OTP. FreeNX worked only with the passwords though.
> The first password request works, but it appears that FreeNX makes
> additional credential validation requests to the auth server, which of
> course fail. Is there a way to cache the credentials or use a proxy of
> some kind? This how we got Squirrelmail working - with imapproxy.
You could change it to use ssh -M with a custom config to setup a master
connection first, which you kill once the session is running after a timeout.
Another idea I have for a redesign is to keep a channel open to the nxnode,
but I dunno how this can ever work with being redirected to another server /
load-balancing.
As you seem to work in the authentication fields. Any ideas on that?
cu
Fabian
--
*** Consulting - Training - Workshops - Troubleshooting ***
@@@ LiveCDs (Knoppix), Debian, Remote Desktop Access (FreeNX) @@@
--- Fabian Franz --- www.fabian-franz.de --- consulting at fabian-franz.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20060308/0f1c62e7/attachment.sig>
More information about the FreeNX-kNX
mailing list