[FreeNX-kNX] Why does nx need a two step authentication?

Fabian Franz FabianFranz at gmx.de
Fri Mar 2 01:52:36 UTC 2007


> As far as I know, there's no good reason. However, NX has always been this
> way.

Yes, there are good reasons:

sshd_config:

AllowUser nx *@127.0.0.1

+ KDE KIOSK Profile

=> Login only via NX + central session storage and management, such you have central control. This is needed for thin client and larger installations.

The second reason is really bogus, but its the truth. Just all people use the NoMachine Client. The code for pure user authentication is since ages in FreeNX CVS/SVN, but if there is no client to support it - well ...

> Do note that this two phased authentication has been the source of
> security problems in the past, 

Not as far as I remember. If you can remind me, do so, but if not this is pure FUD.

> and is a large source of configuration
> issues.

Agree.

> I do, however, believe that very little would have to be changed to
> make single authentication work, if you wish to give it a try.

If you need it from Linux client, there is nxpublickey since ages in SVN (nxutils).

So if there is so much need for this solution, where are the clients?

(Clients as in potential users and clients as in NX Clients ...)

cu

Fabian



More information about the FreeNX-kNX mailing list