[FreeNX-kNX] Re: getting nx to work with non-standard PAM setup
Alex Aminoff
aminoff at nber.org
Tue Feb 1 20:43:05 UTC 2011
On Fri, 28 Jan 2011, chris at ccburton.com wrote:
> Alex Aminoff <aminoff at nber.org> wrote on 28/01/2011 13:23:40:
> > On Thu, 27 Jan 2011, chris at ccburton.com wrote:
> >
> > > The logging in of the user to FreeNX is done with an "expect" script
> which
> > > you can test yourself,
> > >
> > > eg run:-
> > >
> > > /usr/bin/nxnode-login ssh aminoff 22 /usr/bin/nxnode --check
> > >
> > > The script waits with NO prompt for you to enter your password.
> >
> > Thank you so much! That is exactly what we need to figure this all out!
>
> Let us know how you get on !!
[aminoff at perlw2 nx]$ ./nxnode-login ssh aminoff 22 /usr/libexec/nx/nxnode
--check
**my password**
This server requires two-factor authentication. Enter your unix password,
then either use otpw or phone authentication. Press
Password:
NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
NX> 716 finished
NX> 1001 Bye.
This appears to work.
The problem I now have is that the various PAM bits expect the ssh
connection to come from the user's machine, whereas with nx there is first
the ssh to nx, then a local ssh to the user. For example the phone
authentication system knows about local in the office phone numbers and
will try one of those first if the remote host apears to be local
(PAM_RHOST).
It is possible that previously it was working, but taking a very very long
time because it was calling the wrong phone, waiting for it to stop
ringing, then calling the correct phone.
Is there a way to not ssh in as user nx first but instead just directly as
the user?
Thanks,
- Alex Aminoff
BaseSpace.net
National Bureau of Economic Research (nber.org)
More information about the FreeNX-kNX
mailing list