[FreeNX-kNX] Avoid double call of ssh?

Joachim Breitner joachim.breitner at itomig.de
Mon Sep 1 15:26:30 UTC 2008


Hi,

while working on the Linux migration of the City of Boeblingen, I was
trying to use FreeNX on a machine that makes heavy use of PAM for
session setup, especially mounting three CIFS file systems with
pam_mount. Currently, when using ssh authentication with FreeNX 0.7.2,
FreeNX makes two calls to ssh: One to verify the pasword, and a second
one to actually log in. This quick repetition caused problems with
pam_mount. I had to disable the first call to make it work nicely.

I’m wondering: Why do you need these two calls anyways? Would it be
possible to skip the first one in a clean manner, as the second one
already does password checking?

If the two stages are really required, then please consider adding a PAM
authentication variant that only calls the “auth” phase of PAM, but does
not create a session by running the “session” stage – after all, this is
what you are doing by the first call to ssh. This can easily be done by
a program similar to this one:
http://git.0pointer.de/?p=pam_dotfile.git;a=blob;f=src/pamtest.c

Greetings and thanks,
Joachim Breitner


-- 
Joachim Breitner .  . . . . . . . . . . . joachim.breitner at itomig.de
ITOMIG, Inhaber: David Gümbel . . . . . . . . . http://www.itomig.de
Sand 14 . . . . . . . . . . . . . . . . . . . . . . D-72076 Tübingen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20080901/057bc68d/attachment.sig>


More information about the FreeNX-kNX mailing list