[FreeNX-kNX] pre-authenticated mode?

Felipe Alfaro Solana felipe.alfaro at gmail.com
Fri Jan 16 22:57:22 UTC 2009 

On Fri, Jan 16, 2009 at 10:04 PM, Terje Andersen
<terander at guard.zapto.org>wrote:

> on., 14.01.2009 kl. 02.24 -0800, skrev Karl Chen:
> > I'm using freenx with QtNX as the client.  I don't want
> > centralized authentication (is it mainly there so NX can limit #
> > users per license?).  I want to just use regular ssh and not even
> > need the 'nx' user account on the system.  Is this possible?
>
> I'm not sure which server you are talking about, but since you mention
> licenses I take it as you are talking about the Free NXServer from
> NoMachine?
>
> Then I don't think you can go around the license issue, and you
> shouldn't have to either - if your goal is to have more users, but don't
> want to pay any extra licenses, you can use the open source FreeNX
> (http://freenx.berlios.de) which this mailinglist primarely is about.
>
> Regarding your question about the use of the special 'nx' user, it's
> there of several reasons, but as I understand it, not because it's used
> to limit the # users in the commercial/Free NXServer (not the open
> source one) - this is handled in the NXServer program itself.
>
> With it's open source counterpart, FreeNX, there is no such restrictions
> (aside from the hw-capacity), but I think the gentoo implementation does
> without the 'nx' user.
>
> As a side note; the 'nx' user is just used during the interaction with
> the server during session establishment/removal - you actually use SSH
> to login through PAM as your real user - it's a 2-step process.
>
> Hope this explains things, if not just ask :-)


The problem of using the 'nx' user is that it prevents the user from using
authentication methods other than password. For example, it's not trivial to
allow users authenticating via public keys, or even Kerberos tickets.

A while ago I started to work on a script that is able to connect to an
already existing NX session bypassing nxclient, and the authentication was
delegated via Kerberos. I didn't spend much time, but creating the session
was more difficult than attaching to an existing one.


>
> Regards,
>
> Terje
>
> ________________________________________________________________
>     Were you helped on this list with your FreeNX problem?
>    Then please write up the solution in the FreeNX Wiki/FAQ:
>
> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
>
>         Don't forget to check the NX Knowledge Base:
>                 http://www.nomachine.com/kb/
>
> ________________________________________________________________
>       FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>      https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
>



-- 
Blog: http://big.corp.google.com/~solana/felipe/

Google Switzerland GmbH
Identifikationsnummer: CH-020.4.028.116-1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20090116/2b53082e/attachment.html>

More information about the FreeNX-kNX mailing list