Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 142694

Summary: net-misc/nxserver-freenx authentication conflicts with pam_ssh
Product: Gentoo Linux Reporter: Javier Miqueleiz <javier>
Component: [OLD] ServerAssignee: NX Server Herd <nx>
Status: RESOLVED FIXED    
Severity: minor CC: esenkweb
Priority: Lowest    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Javier Miqueleiz 2006-08-03 13:23:15 UTC
nxserver-freenx uses a double authentication mechanism. Firstly, the special "nx" user is authenticated via public key method. Secondly, real users are authenticated 
via user/password method.

This scheme doesn't work if pam_ssh authentication is used. The problem lies in /usr/NX/bin/nxnode-login (an expect script that launches a ssh client). The script waits for the "assword:" string, but when pam_ssh is used, "SSH passphrase:" is displayed instead. (This is the standard behavior of newer versions of pam_ssh. Older versions diplayed the normal "password:" string, see bug # 66092, http://bugs.gentoo.org/show_bug.cgi?id=66092).

Latest stable (nxserver-freenx-0.2.8) is affected. The same for latest testing (
nxserver-freenx-0.5.0).

The workaround is trivial. Just add another case to the while(1) loop of the nxnode-login expect script.

while {1} {
  expect {
    "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
+   "SSH passphrase:"  { send "$password\r" }
    "assword:"  { send "$password\r" }

I am conscious very few installs use both pam_ssh and nxserver-frenx. I am reporting primarily just in case someone finds the same problem (bugzilla makes life easier :-) ).

In any case, I would like to hear your comments...
Comment 1 Bernard Cafarelli gentoo-dev 2007-10-05 12:22:10 UTC
Upstream is working on a complete rewrite for next major version, including new authentification method (and more flexibility). This will probably fix this bug
Comment 2 Javier Miqueleiz 2007-10-05 20:41:12 UTC
Thanks...

I agree with the resolution. Better to wait for the new release and try then...


Comment 3 Bernard Cafarelli gentoo-dev 2009-04-20 15:02:31 UTC
Now that pambase has an easy USE flag to allow pam_ssh usage, and freenx rewrite is apparently dead (sorry, looks like I was too optimistic!), I've added the workaround in NX overlay to solve bug #266572.

Maybe the Ubuntu PPA team will commit this too, in the meantime reopening this bug until I've tested new nxserver-freenx-0.7.3_p104 ebuild and added it to the tree
Comment 4 Bernard Cafarelli gentoo-dev 2009-04-20 15:09:22 UTC
*** Bug 266572 has been marked as a duplicate of this bug. ***
Comment 5 Bernard Cafarelli gentoo-dev 2009-04-20 15:23:37 UTC
nxserver-freenx-0.7.3_p104 in portage now, thanks for report and patch!