[FreeNX-kNX] One-time password authentication question

Fabian Franz FabianFranz at gmx.de
Wed Mar 8 01:50:18 UTC 2006


Am Dienstag, 17. Januar 2006 20:07 schrieb Nick Owen:
> Greetings list:
>
> I was interested in FreeNX due to it's support for PAM, which makes
> integration with our open source one-time password system (WiKID) pretty
> easy.
>
> I set up FreeNX on a server that already had PAM set up for WiKID auth
> via radius.  The setting was for "sufficient" so ssh worked with both
> passwords and the OTP.  FreeNX worked only with the passwords though.
> The first password request works, but it appears that FreeNX makes
> additional credential validation requests to the auth server, which of
> course fail.  Is there a way to cache the credentials or use a proxy of
> some kind? This how we got Squirrelmail working - with imapproxy.

You could change it to use ssh -M with a custom config to setup a master 
connection first, which you kill once the session is running after a timeout.

Another idea I have for a redesign is to keep a channel open to the nxnode, 
but I dunno how this can ever work with being redirected to another server / 
load-balancing.

As you seem to work in the authentication fields. Any ideas on that?

cu

Fabian

-- 
      *** Consulting - Training - Workshops - Troubleshooting ***
   @@@ LiveCDs (Knoppix), Debian, Remote Desktop Access (FreeNX) @@@

--- Fabian Franz --- www.fabian-franz.de --- consulting at fabian-franz.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20060308/0f1c62e7/attachment.sig>


More information about the FreeNX-kNX mailing list