[prev in list] [next in list] [prev in thread] [next in thread]
List: freenx-knx
Subject: Re: [FreeNX-kNX] One-time password authentication question
From: Fabian Franz <FabianFranz () gmx ! de>
Date: 2006-03-08 1:50:18
Message-ID: 200603080250.23721.FabianFranz () gmx ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Am Dienstag, 17. Januar 2006 20:07 schrieb Nick Owen:
> Greetings list:
>
> I was interested in FreeNX due to it's support for PAM, which makes
> integration with our open source one-time password system (WiKID) pretty
> easy.
>
> I set up FreeNX on a server that already had PAM set up for WiKID auth
> via radius. The setting was for "sufficient" so ssh worked with both
> passwords and the OTP. FreeNX worked only with the passwords though.
> The first password request works, but it appears that FreeNX makes
> additional credential validation requests to the auth server, which of
> course fail. Is there a way to cache the credentials or use a proxy of
> some kind? This how we got Squirrelmail working - with imapproxy.
You could change it to use ssh -M with a custom config to setup a master
connection first, which you kill once the session is running after a timeout.
Another idea I have for a redesign is to keep a channel open to the nxnode,
but I dunno how this can ever work with being redirected to another server /
load-balancing.
As you seem to work in the authentication fields. Any ideas on that?
cu
Fabian
--
*** Consulting - Training - Workshops - Troubleshooting ***
@@@ LiveCDs (Knoppix), Debian, Remote Desktop Access (FreeNX) @@@
--- Fabian Franz --- www.fabian-franz.de --- consulting@fabian-franz.de
[Attachment #5 (application/pgp-signature)]
_______________________________________________
FreeNX-kNX mailing list
FreeNX-kNX@kde.org
https://mail.kde.org/mailman/listinfo/freenx-knx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic