I can't speak to the RSA pam plugin, but I know that X2Go works with OTPs using pam-radius. You can see this: http://wiki.x2go.org/doku.php/doc:deployment-stories:wikid.
(Better to use the standard protocol for easier switching too.)
HTH,
Nick
On Fri, Mar 13, 2015 at 12:12 PM, Mihai Moldovan <ionic@ionic.de> wrote:
Hi,
On 13.03.2015 02:48 PM, swizz ly wrote:
[...] In case of the x2goclient-cli Perl script, that comes with the x2goclient source, I found, that for a single x2go connection several (3-4x?) SSH connections are made in the background. In case of SecurID RSA, only the first SSH connection can work with a given PASSCODE, it is accepted only at the first SSH connection. Perhaps the normal x2goclient behaves the same way: it tries to connect using the same PASSCODE several times, and this could be the cause of the problem.
Well, the answer is a little bit complicated.
Yes, it behaves exactly the same way. Several programs are started server side.
This includes session discovery and of course starting a new session or resuming it.
For that, a new connection is established via libssh. This connection is authenticated by any means provided: password, key, or keyboard-interactive (i.e., SecurID.)
This said, libssh uses channels for spawning new commands/shells. These channels do NO authentication but use the established main connection.
X2Go Client should only open up one connection and then use multiple channels over the already authenticated connection for doing its work.
Is it really not and instead opening up multiple connections?
Mihai
x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
-- Nick Owen -- WiKID Systems, Inc. http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication http://twitter.com/wikidsystems | #wikid on freenode.net Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP