[FreeNX-kNX] Problems With FreeNX and PAM-SecurID/RSA Authentication

chris at ccburton.com
Fri Apr 6 11:20:12 UTC 2012


"Paul E. Virgo" <Paul.E.Virgo at nasa.gov> wrote on 05/04/2012 16:07:18:

> Chris,
> 
> That suggestion worked. I also added in a longer 'sleep' because of 
> the time it takes a user to type in their PIN, then look at the 
> SecurID RSA token.

Isn't the Token entered before you click connect on
the nxclient ??


FYI ICIH

The sleep 0.3 is to tell expect to wait a quarter
second, before sending the password TO SSH


Often, password "reads" clear their buffers after
outputting the prompt, so as not to try logging in
with "stray" keypresses, so a delay to allow this
to complete is helpful.


If you want to test nxnode-login as it is deployed
from nxserver, you need to try : -


        sudo su -l -s /bin/bash nx

# then at the (nx user) prompt ( and all on one line if it wrapped )

        echo my-password|/usr/bin/nxnode-login ssh my-username 22 /usr/bin/nxnode --check


You can see that the password is already there, before
the launch of nxlogin-helper by nxserver

and the 

        expect_user -re "(.*)\n"
        set password $expect_out(1,string)

which reads from stdin,
where
you got that error first time
is
the script reading the password
not
ssh which isn't spawned till later.


> Thanks, again, for the suggestion.
> 
> PEV

I don't know how long it takes a user to work one of
those ID things (2 mins?? (pin? pin? oh!what was it??))
but
if you set that sleep to too long
thinking to
"allow" one of your slow-coach seniors to work it out,
you may well
start getting timeouts "further down the line",
so
if I was you I'd leave it as 0.3


> Paul E Virgo
> Sr. System Administrator
> Code 610
> SESDA II - DAAC/DISC
> Goddard Space Flight Ctr

Nice place to work.

Who's heard of Goddard these days ??
but I notice von Braun knew all
about him.

Shame he died and missed out on doing
Saturn 5 etc.

> Greenbelt, MD 20771
> (301) 614-5751
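
The buffer-clearing behaviour described in the message above, as an added example that is not part of the original post or of FreeNX: a pty pair models a password reader that discards pending input after printing its prompt, and shows a password sent too early being lost. The function name, the sample password and the use of `tcflush` to model the reader are assumptions made for the illustration.

```python
import os
import select
import termios

PASSWORD = b"my-password\n"  # constructed sample value


def prompt_reads(send_before_flush, timeout=0.5):
    """Return the line a flushing password prompt receives, or None if lost.

    The slave side of a pty plays the password reader (assumed model: it
    prints its prompt, discards pending input, then reads one line).
    The master side plays the expect script sending the password.
    """
    master, slave = os.openpty()
    try:
        os.write(slave, b"Password: ")
        if send_before_flush:
            # No delay: the password reaches the tty before the reader
            # has cleared its input queue.
            os.write(master, PASSWORD)
            select.select([slave], [], [], timeout)  # wait until it is queued
        # The reader drops any "stray" input that arrived before this point.
        termios.tcflush(slave, termios.TCIFLUSH)
        if not send_before_flush:
            # With the delay: the password is sent after the flush.
            os.write(master, PASSWORD)
        ready, _, _ = select.select([slave], [], [], timeout)
        return os.read(slave, 1024).rstrip(b"\n") if ready else None
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    print("sent immediately:", prompt_reads(True))
    print("sent after delay:", prompt_reads(False))
```

A result of `None` corresponds to a login that sits waiting for a password that was already discarded.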