[FreeNX-kNX] One-time password authentication question
Nick Owen
nowen at wikidsystems.com
Wed Mar 8 14:45:04 UTC 2006
Fabian Franz wrote:
> On Tuesday, 17 January 2006 20:07, Nick Owen wrote:
>> Greetings list:
>>
>> I was interested in FreeNX due to its support for PAM, which makes
>> integration with our open source one-time password system (WiKID) pretty
>> easy.
>>
>> I set up FreeNX on a server that already had PAM set up for WiKID auth
>> via radius. The setting was for "sufficient" so ssh worked with both
>> passwords and the OTP. FreeNX worked only with the passwords though.
>> The first password request works, but it appears that FreeNX makes
>> additional credential validation requests to the auth server, which of
>> course fail. Is there a way to cache the credentials or use a proxy of
>> some kind? This is how we got Squirrelmail working - with imapproxy.
>
> You could change it to use ssh -M with a custom config to set up a master
> connection first, which you kill once the session is running after a timeout.
>
> Another idea I have for a redesign is to keep a channel open to the nxnode,
> but I dunno how this can ever work with being redirected to another server /
> load-balancing.
>
> As you seem to work in the authentication field, any ideas on that?
Fabian:
Interesting suggestions. I'm not familiar with the -M option. Have to
google it up ;). I got FreeNX working with one-time passcodes thanks to
a script from Felix Shumacher. Here's his post:
http://lists.kde.org/?l=freenx-knx&m=113766147904995&w=2
and here is a how-to on our open source site:
http://www.wikidsystems.net/howtos/2_factor_vnc
This script would be a great addition to the code, IMHO.
thanks,
nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
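
The failure mode in the quoted question (a second validation request for a passcode that has already been used) and the credential-caching idea it asks about, as an added example that is not part of the original thread and is not FreeNX, WiKID or imapproxy code. `OneTimeBackend` and `CachingAuthProxy` are hypothetical names, and the backend is a constructed stand-in for a one-time password server.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeBackend:
    """Constructed stand-in for an OTP server: each passcode validates once."""

    def __init__(self):
        self._pending = {}   # user -> passcode not yet consumed
        self.calls = 0       # validation requests that reached the server

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = code
        return code

    def validate(self, user, code):
        self.calls += 1
        expected = self._pending.pop(user, None)  # consumed on first attempt
        return expected is not None and hmac.compare_digest(expected, code)


class CachingAuthProxy:
    """Hypothetical proxy: accepts a repeat of a just-validated passcode for ttl seconds."""

    def __init__(self, backend, ttl=30.0, clock=time.monotonic):
        self._backend, self._ttl, self._clock = backend, ttl, clock
        self._salt = secrets.token_bytes(16)
        self._cache = {}     # user -> (keyed digest of passcode, expiry time)

    def _digest(self, user, code):
        # Store a keyed digest rather than the passcode itself.
        return hmac.new(self._salt, f"{user}\0{code}".encode(), hashlib.sha256).digest()

    def validate(self, user, code):
        now = self._clock()
        entry = self._cache.get(user)
        if entry and entry[1] <= now:
            del self._cache[user]      # expired: fall through to the backend
            entry = None
        if entry and hmac.compare_digest(entry[0], self._digest(user, code)):
            return True                # repeat request answered from the cache
        if self._backend.validate(user, code):
            self._cache[user] = (self._digest(user, code), now + self._ttl)
            return True
        return False
```

The cache makes the passcode replayable at the proxy until the TTL expires, so the TTL should cover only the application's follow-up requests.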