[prev in list] [next in list] [prev in thread] [next in thread]
List: freenx-knx
Subject: Re: [FreeNX-kNX] One-time password authentication question
From: "Schumacher, Felix " <Felix.Schumacher () debeka ! de>
Date: 2006-01-19 9:04:35
Message-ID: 1137661475.43cf5623c2adc () portal ! server ! debeka ! de
[Download RAW message or body]
This message is in MIME format.
Hello,
Zitat von Nick Owen <nowen@wikidsystems.com>:
> I set up FreeNX on a server that already had PAM set up for WiKID auth
> via radius. The setting was for "sufficient" so ssh worked with both
> passwords and the OTP. FreeNX worked only with the passwords though.
> The first password request works, but it appears that FreeNX makes
> additional credential validation requests to the auth server, which of
FreeNX (at least in Version 0.4.5) does check your password against multiple
authentication daemons. Which can't be done with one time passwords. So you
have to force FreeNX to use your authentication service.
This could be done by using atached patch. It adds a configuration option
FORCE_LOGIN_METHOD=SSH in node.conf.
The other part sets the value LOGIN_SUCCESS=1, the LOGIN_METHOD to the value of
FORCE_LOGIN_METHOD and in case of SSH, it exports COMMAND_SSH.
Hope this helps
Felix
["freenx-force-authentication-method.diff" (application/octet-stream)]
Index: node.conf.sample
===================================================================
--- node.conf.sample (revision 385)
+++ node.conf.sample (revision 476)
@@ -371,3 +371,4 @@
# Extra options to nxproxy. See !M documentation for useful parameters.
#PROXY_EXTRA_OPTIONS=""
+#FORCE_LOGIN_METHOD="SSH"
Index: nxserver
===================================================================
--- nxserver (revision 385)
+++ nxserver (revision 476)
@@ -527,6 +527,17 @@
read -s PASS
echo_x ""
log 6 -n "Info: Auth method: "
+
+ if [ -n "$FORCE_LOGIN_METHOD" ]
+ then
+ log 6 -n "Info: Forced LOGIN_METHOD to $FORCE_LOGIN_METHOD"
+ LOGIN_SUCCESS="1"
+ LOGIN_METHOD="$FORCE_LOGIN_METHOD"
+ if [ "$FORCE_LOGIN_METHOD" == "SSH" ]
+ then
+ export COMMAND_SSH
+ fi
+ fi
# USER already logged in?
if [ "$ENABLE_USERMODE_AUTHENTICATION" = "1" ]
_______________________________________________
FreeNX-kNX mailing list
FreeNX-kNX@kde.org
https://mail.kde.org/mailman/listinfo/freenx-knx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic