[FreeNX-kNX] Manually setting up a FreeNX connection
fredericg_99 at yahoo.fr
fredericg_99 at yahoo.fr
Wed Jun 24 08:22:11 UTC 2009
Hi all,
I've got basically the same problem here : I'm authenticating users through Kerberos, they get their homes from AFS, but I still want to make them run applications with FreeNX...
What I managed to do as a -rather bad- workaround is :
-open an ssh shared session, authenticate
-launch nxagent remotely, it listens on a port 4000+remote_display_number
-launch nxproxy localy, it listens to 4000+local_display_number
-connect those port with
hose localhost $NXPROXYPORT --in --out $SSHCMD nc localhost $NXAGENTPORT
-run the application with :
$SSHCMD DISPLAY=:$NXAGENTDISPLAY command_to_run
(where, in both lines, $SSHCMD is my command to connect through the shared connexion)
In this example, I don't take care of .XAuthority and it seems to work "out-of-the-box", but I suspect that it is due to AFS : if the user connects locally, .XAuthority is created in his home, which is on AFS, and when it connects with ssh to a remote application server, .XAuthority also exists since the home folder is the same...
This, of course, does not use nxnode (which role I'm not sure to fully understand), and if I want sound, printing, or anything else's support, I'll have to do it by hand, so I'll be really interested with a "real" solution that uses the full power of FreeNX!
I'll give you all my thanks along with thoses of Joshua if you dare help us :-)
Frédéric.
----- "Joshua Kinard" <joshua.kinard at sdc-world.com> a écrit :
>
> Hey all,
>
> Is there any tips, tricks, or rough outlines on how to manually invoke the various components of the FreeNX package to manually setup and launch an NX session? I.e., something that I can script? My primary need is because I need pure passwordless login via a public key stored on a user's smartcard. I've got things setup such that I can start my ssh-agent and cache my public key from the card in, then run nxssh with normal OpenSSH args (-A -X, etc..) and it forwards things properly. But then I'm sitting at a shell on the server-side, not quite sure how to procede next.
>
> I suspect it involves running 'xauth list' and caching the MIT magic cookie, then somehow invoking nxnode with the long list of parameters to 'startsession' so that it sets up a new session. Then, I think, on the server (or is it the client?), I have to run nxproxy with another batch of information, created from some output that nxnode is supposed to return, so that it actually starts the X session.
>
> That's what I can tell so far, but Google isn't being very helpful, mostly returning articles on manual installations of FreeNX and all. So far, I've got two different explanations of the server-side protocol that make sense (and read a lot like an FTP server), but I want to skip using password-based login, which both protocol documents suggest is the only option. But that's usually just when talking to the nxserver. I'm assuming nxserver, once it makes sure you are who you say you are, is handily taking care of the other bits of the session setup before somehow handing back off to whatever client is on the client system. That's what I think I need to emulate, somehow.
>
> Anyways, thoughts, suggestions, etc., welcome.
>
> Thanks!
>
> Joshua Kinard
> ________________________________________________________________ Were you helped on this list with your FreeNX problem? Then please write up the solution in the FreeNX Wiki/FAQ: http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ Don't forget to check the NX Knowledge Base: http://www.nomachine.com/kb/ ________________________________________________________________ FreeNX-kNX mailing list --- FreeNX-kNX at kde.org https://mail.kde.org/mailman/listinfo/freenx-knx ________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20090624/84fd92c3/attachment.html>
More information about the FreeNX-kNX
mailing list