[FreeNX-kNX] Re: getting nx to work with non-standard PAM setup

[chris at ccburton.com]

Alex Aminoff <aminoff at nber.org> wrote on 01/02/2011 20:43:05:

[SNIP]
> > Let us know how you get on !!
> 
> [aminoff at perlw2 nx]$ ./nxnode-login ssh aminoff 22 
/usr/libexec/nx/nxnode 
> --check
> **my password**
> This server requires two-factor authentication. Enter your unix 
password, 
> then either use otpw or phone authentication. Press

You didn't fix the # after "Press", however, as I said before, your users
won't see this message anyway, so you may as well get rid of it
altogether.

> Password:
> NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: 3.3.0)
> NX> 716 finished
> NX> 1001 Bye.
> 
> 
> This appears to work.

Yup

> The problem I now have is that the various PAM bits expect the ssh 
> connection to come from the user's machine, whereas with nx there is 
first 
> the ssh to nx, then a local ssh to the user. For example the phone 
> authentication system knows about local in the office phone numbers and 
> will try one of those first if the remote host apears to be local 
> (PAM_RHOST).
> 
> It is possible that previously it was working, but taking a very very 
long 
> time because it was calling the wrong phone, waiting for it to stop 
> ringing, then calling the correct phone.

Probably . . .

> Is there a way to not ssh in as user nx first but instead just directly 
as 
> the user?

Usemode

http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_Howto

I haven't used it, so start with google and a search through the list.

> Thanks,
> 
>    - Alex Aminoff
>      BaseSpace.net
>      National Bureau of Economic Research (nber.org)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20110202/052b4886/attachment.html>