Bug 142694

nxserver-freenx uses a double authentication mechanism. Firstly, the special "nx" user is authenticated via public key method. Secondly, real users are authenticated 
via user/password method.

This scheme doesn't work if pam_ssh authentication is used. The problem lies in /usr/NX/bin/nxnode-login (an expect script that launches a ssh client). The script waits for the "assword:" string, but when pam_ssh is used, "SSH passphrase:" is displayed instead. (This is the standard behavior of newer versions of pam_ssh. Older versions diplayed the normal "password:" string, see bug # 66092, http://bugs.gentoo.org/show_bug.cgi?id=66092).

Latest stable (nxserver-freenx-0.2.8) is affected. The same for latest testing (
nxserver-freenx-0.5.0).

The workaround is trivial. Just add another case to the while(1) loop of the nxnode-login expect script.

while {1} {
  expect {
    "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
+   "SSH passphrase:"  { send "$password\r" }
    "assword:"  { send "$password\r" }

I am conscious very few installs use both pam_ssh and nxserver-frenx. I am reporting primarily just in case someone finds the same problem (bugzilla makes life easier :-) ).

In any case, I would like to hear your comments...