[FreeNX-kNX] Problems With FreeNX and PAM-SecurID/RSA Authentication

Paul E. Virgo Paul.E.Virgo at nasa.gov
Thu Apr 5 15:07:18 UTC 2012 

Chris,

That suggestion worked. I also added in a longer 'sleep' because of the 
time it takes a user to type in their PIN, then look at the SecurID RSA 
token.
Thanks, again, for the suggestion.

PEV

On 04/05/2012 07:13 AM, chris at ccburton.com wrote:
>
> freenx-knx-bounces at kde.org wrote on 04/04/2012 18:38:29:
>
> > Members,
> >
> > I've been having issues with getting any of my NX clients to properly
> > authenticate against the FreeNX server on a remote machine. I have
> > enabled SSH only--per our security directives--because we use SecurID
> > PIN+token authentication for our SSH connections. Here's the behavior I
> > get when I use nxnode-login to test:
> >
> > [root at s4pt pam.d]# nxnode-login ssh pvirgo 22 nxnode --check
> > can't read "expect_out(1,string)": no such variable
> >      while executing
> > "set password $expect_out(1,string)"
> >      (file "/usr/bin/nxnode-login" line 57)
> > [root at s4pt pam.d]#
> >
> > This would happen if I were to attempt to put in the SecurID PIN+token
> > combo, so I figured I was 'tripping' something that the expect script
> > couldn't handle, but then I went ahead--on a second attempt--and 
> typed a
> > carriage return, and got this:
> >
> > root at s4pt pam.d]# nxnode-login ssh pvirgo 22 nxnode --check
> >
> > 
> *******************************************************************************
> > *  This US Government computer is for authorized users only.  By
> > accessing    *
> > *  this system you are consenting to complete monitoring with no
> > expectation  *
> > *  of privacy.  Unauthorized access or use may subject you to
> > disciplinary    *
> > *  action and criminal
> > prosecution.                                           *
> > 
> *******************************************************************************
> > Enter PASSCODE:
> >
> > which would make sense, but when typing the PIN+token, I just get the
> > characters echo'ed back and the prompt just sits there. I feel like I'm
> > closer to getting this working. Was wondering if anyone had any
> > ideas/suggestions? Do I need to manipulate something within the expect
> > script portion somewhere?
> >
> > Thanks.
>
>
> Try editing nxnode-login, find the following (about line 72)
>
>
>                "Are you sure you want to continue connecting 
> (yes/no)?" { send "yes\r" }
>                "assword*:"  { sleep 0.3; send "$password\r" }
>
> and ADD this line underneath:-
>                    "Enter PASSCODE:"  { sleep 0.3; send "$password\r" }
>
> It might work. I don't have one to test.
>
> >
> >
> >
> >
> > --
> > Paul E Virgo
> > Sr. System Administrator
> > Code 610
> > SESDA II - DAAC/DISC
> > Goddard Space Flight Ctr
> > Greenbelt, MD 20771
> > (301) 614-5751

-- 
Paul E Virgo
Sr. System Administrator
Code 610
SESDA II - DAAC/DISC
Goddard Space Flight Ctr
Greenbelt, MD 20771
(301) 614-5751

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120405/026decd2/attachment.html>

More information about the FreeNX-kNX mailing list