[FreeNX-kNX] Why does nx need a two step authentication?
pegasus
pegasus at ifdo.pugmarks.com
Thu Mar 1 20:40:01 UTC 2007
As far as I know, there's no good reason. However, NX has always been this way.
One dubious advantage is that it allows for an alternate
authentication, this means that you could, in theory, selectively
allow/deny users the ability to start a session. That said, I believe
that, in most situations, a dedicated user could bypass any such
security.
One could think that they did this to fit within the older connection
model for dumb terminals: when a dumb terminal would boot, it would
create a remote session that would be run xdm, allowing a user to
authenticate with the server. Both X and vnc based thin clients have
done this in the passed. That said, I don't know know of a way to
setup nxclient to do something like this, so in this case it's not
useful.
Do note that this two phased authentication has been the source of
security problems in the past, and is a large source of configuration
issues.
I do, however, believe that very little would have to be changed to
make single authentication work, if you wish to give it a try.
Anik
On 3/1/07, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> Hi,
>
> why does nx need a two step authentication, once as an nx user and
> then as a local user? Can't everything run just under the user's id?
>
> Or is this just a distribution specific issue and there is no need for
> authenticating first as a special user?
> --
> Axel.Thimm at ATrpms.net
>
> ________________________________________________________________
> Were you helped on this list with your FreeNX problem?
> Then please write up the solution in the FreeNX Wiki/FAQ:
> http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
> Don't forget to check the NX Knowledge Base:
> http://www.nomachine.com/kb/
>
> ________________________________________________________________
> FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>
>
More information about the FreeNX-kNX
mailing list