Control: reassign -1 x2goclient Control: found -1 4.1.1.1
On Di 13 Feb 2018 19:29:45 CET, Walid MOGHRABI wrote:
package: x2gobroker-ssh version: 0.0.4.0-0~972~ubuntu16.04.1 priority: bug
Using the ssh broker is great because it adds the ability for the
x2goclient to interact with the auth mechanism such as PAM so that
you get notified that you need to renew a password for example. This is great but it doesn't always work well.For example, the user don't get the reason why the access is denied.
Here are different tests I made based on the following setup :
x2gobroker in ssh mode with local PAM auth based on Samba
Winbind/Kerberos.I tried both situations to compare :
- with the x2goclient in broker-ssh mode
- with a term rying to connect through SSH
- Account set for password change with temporary password in Active
Directory, user type wrong password (neither old or new one)
- with x2goclient: get message "Access denied. Authentication that
can continue: publickey,password,keyboard-interactive"- with term : "Your account has been locked. Please contact your
System administrator. Password: "
- Account set for password change with temporary password in Active
Directory, user type good password
with x2goclient: get a new password form in order to type (and
confirm) the new password. Reseting password works and you get
logged in to the broker with the sessions list displayed. However, if you click on the "cancel" button, x2goclient freeze and
must be killed, you're not sent back to the login form. On the other hand, if you change your password and then be logged
in, clicking on the session slot fails because this is the old
password that is relayed to the session slot and not the new one.
When it fails, you get a new login form to enter your password
again, if you type the new password there, it works.with term: "Password: ******" "Password expired. You must change it now." "Enter new password: ******" "Enter it again: ******" If you cancel (ctrl+c), nothing happen and you get back to the prompt. If you enter the good old password, you're prompted to change it
then you're logged in. If you enter the wrong password, your prompted to retry 2 times then
you get this message "Your account has been locked. Please contact
your System administrator" (this is our security policy, this is
normal behaviour, 2 fauils then blocked for 10mn.
- Account disabled in Active Directory
- with x2goclient: get message "Access denied. Authentication that
can continue: publickey,password,keyboard-interactive"- with term : "Your account has been locked. Please contact your
System administrator. Password: "Would be great to fix the issues in 2) and would be great to
retrieve the error message directly from PAM so that we get the
reason.
Most of this is unrelated to X2Go Broker. It needs to be worked on in
X2Go Client.
Mike
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de