[FreeNX-kNX] Problems With FreeNX and PAM-SecurID/RSA Authentication
chris at ccburton.com
chris at ccburton.com
Thu Apr 5 11:13:15 UTC 2012
freenx-knx-bounces at kde.org wrote on 04/04/2012 18:38:29:
> Members,
>
> I've been having issues with getting any of my NX clients to properly
> authenticate against the FreeNX server on a remote machine. I have
> enabled SSH only--per our security directives--because we use SecurID
> PIN+token authentication for our SSH connections. Here's the behavior I
> get when I use nxnode-login to test:
>
> [root at s4pt pam.d]# nxnode-login ssh pvirgo 22 nxnode --check
> can't read "expect_out(1,string)": no such variable
> while executing
> "set password $expect_out(1,string)"
> (file "/usr/bin/nxnode-login" line 57)
> [root at s4pt pam.d]#
>
> This would happen if I were to attempt to put in the SecurID PIN+token
> combo, so I figured I was 'tripping' something that the expect script
> couldn't handle, but then I went ahead--on a second attempt--and typed a
> carriage return, and got this:
>
> root at s4pt pam.d]# nxnode-login ssh pvirgo 22 nxnode --check
>
>
*******************************************************************************
> * This US Government computer is for authorized users only. By
> accessing *
> * this system you are consenting to complete monitoring with no
> expectation *
> * of privacy. Unauthorized access or use may subject you to
> disciplinary *
> * action and criminal
> prosecution. *
>
*******************************************************************************
> Enter PASSCODE:
>
> which would make sense, but when typing the PIN+token, I just get the
> characters echo'ed back and the prompt just sits there. I feel like I'm
> closer to getting this working. Was wondering if anyone had any
> ideas/suggestions? Do I need to manipulate something within the expect
> script portion somewhere?
>
> Thanks.
Try editing nxnode-login, find the following (about line 72)
"Are you sure you want to continue connecting (yes/no)?" {
send "yes\r" }
"assword*:" { sleep 0.3; send "$password\r" }
and ADD this line underneath:-
"Enter PASSCODE:" { sleep 0.3; send "$password\r" }
It might work. I don't have one to test.
>
>
>
>
> --
> Paul E Virgo
> Sr. System Administrator
> Code 610
> SESDA II - DAAC/DISC
> Goddard Space Flight Ctr
> Greenbelt, MD 20771
> (301) 614-5751
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120405/2227c68f/attachment.html>
More information about the FreeNX-kNX
mailing list