292520 – net-misc/neatx su/ssh authentication

Bug 292520 - net-misc/neatx su/ssh authentication

Summary: net-misc/neatx su/ssh authentication

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo NX Server project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-11-09 13:14 UTC by Stefan de Konink
Modified:	2010-05-19 15:02 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan de Konink 2009-11-09 13:14:33 UTC

I wonder if anyone has a working neatx 'out of the box' gentoo experience.

I am personally ending up in the following debug log:
Nov  9 14:11:36 nemesis nxserver-login[17062]: DEBUG auth:53 Auth command ['/usr/lib64/neatx/ttysetup', '/bin/su', 'skinkie', '-c', 'cd && /usr/lib64/neatx/nxserver --proto=3030000 -- skinkie']
Nov  9 14:11:38 nemesis su[17064]: pam_authenticate: Permission denied
Nov  9 14:11:38 nemesis su[17064]: FAILED su for skinkie by nx
Nov  9 14:11:38 nemesis su[17064]: - /dev/pts/0 nx:skinkie
Nov  9 14:11:38 nemesis nxserver-login[17062]: ERROR nxserver_login:261 Authentication failed
Nov  9 14:11:38 nemesis nxserver-login[17062]: Traceback (most recent call last):
Nov  9 14:11:38 nemesis nxserver-login[17062]:   File "/usr/lib64/python2.6/site-packages/neatx/app/nxserver_login.py", line 259, in _TryLogin
Nov  9 14:11:38 nemesis nxserver-login[17062]:     authenticator.AuthenticateAndRun(username, password, args)
Nov  9 14:11:38 nemesis nxserver-login[17062]:   File "/usr/lib64/python2.6/site-packages/neatx/auth.py", line 116, in AuthenticateAndRun
Nov  9 14:11:38 nemesis nxserver-login[17062]:     child.exitstatus, child.signalstatus))
Nov  9 14:11:38 nemesis nxserver-login[17062]: AuthFailedError: Authentication failed (output='Password: su: Permission denied', exitstatus=None, signum=None)
Nov  9 14:11:38 nemesis nxserver-login[17062]: DEBUG protocol:172 >>> 'NX> 404 ERROR: wrong password or login.\n'

I wonder should something be changed related to PAM?

Reproducible: Always




        app-admin/eselect-compiler: (none)
        app-shells/bash:       4.0_p35
        dev-java/java-config:  1.3.7-r1 2.1.9-r1
        dev-lang/python:       2.5.4-r2 2.6.3 3.1.1-r1
        dev-python/pycrypto:   2.1.0_beta1
        dev-util/ccache:       2.4-r8
        dev-util/cmake:        2.6.4-r3
        dev-util/confcache:    (none)
        sys-apps/baselayout:   2.0.1
        sys-apps/openrc:       0.5.2-r1
        sys-apps/sandbox:      2.2
        sys-devel/autoconf:    2.13 2.63-r1
        sys-devel/automake:    1.10.2 1.11 1.4_p6 1.5 1.6.3 1.7.9-r1 1.8.5-r3 1.9.6-r2
        sys-devel/binutils:    2.20
        sys-devel/gcc-config:  1.4.1
        sys-devel/libtool:     2.2.6a
        virtual/os-headers:    2.6.30-r1 (for sys-kernel/linux-headers::installed)

Comment 1 Bernard Cafarelli gentoo-dev

2009-12-15 10:21:07 UTC

Nov  9 14:11:38 nemesis su[17064]: pam_authenticate: Permission denied

nx cannot su to your normal user, probably pam related indeed

Can you try to remove the nx user (and its home folder), and remerge neatx to recreate it? Then try something like this on the server
# sudo -u nx bash (run shell as nx user)
$ su - youruser
and see what it reports

Comment 2 Andrew Rigney 2010-05-17 04:48:12 UTC

(In reply to comment #1)
> Nov  9 14:11:38 nemesis su[17064]: pam_authenticate: Permission denied
> 
> nx cannot su to your normal user, probably pam related indeed
> 
> Can you try to remove the nx user (and its home folder), and remerge neatx to
> recreate it? Then try something like this on the server
> # sudo -u nx bash (run shell as nx user)
> $ su - youruser
> and see what it reports
> 

I was having the same problem as the OP.
Adding the nx user to the wheel group worked for me.
eg. (as root) gpasswd -a nx wheel

NeatX works pretty well, but I have only just got it working.  Doesn't play nice with my dual screen setup I have at work though.

Comment 3 Bernard Cafarelli gentoo-dev

2010-05-19 15:02:17 UTC

Ah thanks for pointing this out, I had not seen that this was with su authentication (which requires nx user in wheel group, as explained in postinstall log).

nx user is not added by default to wheel group as other authentication methods and other NX servers do not need it (and allowing nx to run sudo when not needed is not a good idea)

So working with nx user in wheel group, thanks for the report :)