[FreeNX-kNX] One-time password support?

[Nick Owen]

> -----Original Message-----
> From: Todd A. Jacobs [mailto:nospam at codegnome.org] 
> Sent: Saturday, March 11, 2006 4:55 PM
> To: freenx-knx at kde.org
> Subject: Re: [FreeNX-kNX] One-time password support?
> 
> On Sat, Mar 11, 2006 at 04:43:41PM -0500, Nick Owen wrote:
> 
> > passcodes was that FreeNX kept asking for the password again and 
> > again, which obviously didn't work. I got a patch that solved that 
> > issue.  There is a how-to on it here:
> 
> On the commercial version, it doesn't seem to have that 
> problem, but here's what I have to do to get it working:
> 
>     1. Attempt login with SSH client.
>     2. Get sequence number, but *DON'T* log in.
>     3. Calculate password or read appropriate sequence off a 
> pre-printed
>        sheet.
>     4. Type the (pre-)calculated password into the nxclient dialog.
>     5. Connect.
> 
> So, the problems are two-fold:
> 
>     - You can't connect without knowing the next OTP in sequence ahead
>       of time.
> 
>     - If OTP fails, you don't get the next authentication mechanism in
>       sequence (e.g. regular password).
> 
> This is possibly more of a limitation on the client side 
> rather than the server, but I'm sure both are involved. Even 
> with the FreeNX server patch, I don't think it would really 
> resolve the problems I'm describing, would it.

No, sorry, I don't think so.  It sounds perhaps like the second problem
stems from pam being set to 'required' instead of 'sufficient'.

Nick

--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor Now open
source: http://sourceforge.net/projects/wikid-twofactor/