[X2Go-User] X2Go Two-factor-authentication with SecurID

Mihai Moldovan ionic at ionic.de
Wed Nov 23 14:31:10 CET 2016


On 23.11.2016 02:03 PM, swizz ly wrote:
> Thanks for the update. I tried it, it works nicely, many thanks! However, there
> is a small thing: the user has to be aware that the "Password:" in the first
> window is ignored and has nothing to do with the two factor authentication, only
> in the pop-up window with the "Verification code:" should he/she enter the
> two-factor passcode. It might be somewhat confusing for the first time. As a
> small suggestion, I would either use the input from the "Password:" field even
> for the two-factor passcode, or in the pop-up window I would directly copy the
> prompt from the SSH session, in this case "Enter PASSCODE:" instead of
> "Verification code:".

I think that's the way PAM works.

Isn't the idea of 2FA to use both the password and a challenge auth token? Users
will need to supply their password anyway, so I don't see the problem at hand
currently. Do we get two windows, one for the password (or private key
passphrase) and one for the verification code, EVEN THOUGH the password/private
key passphrase has been set directly in the session config or via an SSH agent?

Copying the prompt actually sounds like a good idea, though, yeah.



Mihai


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20161123/54c8baf7/attachment.pgp>


More information about the x2go-user mailing list