I can't speak to the RSA pam plugin, but I know that X2Go works with
OTPs using pam-radius. You can see this:
http://wiki.x2go.org/doku.php/doc:deployment-stories:wikid.
(Better to use the standard protocol for easier switching too.)
HTH,
Nick
On Fri, Mar 13, 2015 at 12:12 PM, Mihai Moldovan <ionic@ionic.de> wrote:
> Hi,
>
>
> On 13.03.2015 02:48 PM, swizz ly wrote:
>> [...]
>> In case of the x2goclient-cli Perl script, that comes with the
>> x2goclient source, I found, that for a single x2go connection several
>> (3-4x?) SSH connections are made in the background. In case of SecurID
>> RSA, only the first SSH connection can work with a given PASSCODE, it
>> is accepted only at the first SSH connection.
>> Perhaps the normal x2goclient behaves the same way: it tries to
>> connect using the same PASSCODE several times, and this could be the
>> cause of the problem.
>
> Well, the answer is a little bit complicated.
>
> Yes, it behaves exactly the same way. Several programs are started
> server side.
>
> This includes session discovery and of course starting a new session or
> resuming it.
>
> For that, a new connection is established via libssh. This connection is
> authenticated by any means provided: password, key, or
> keyboard-interactive (i.e., SecurID.)
>
> This said, libssh uses channels for spawning new commands/shells. These
> channels do NO authentication but use the established main connection.
>
> X2Go Client should only open up one connection and then use multiple
> channels over the already authenticated connection for doing its work.
>
> Is it really not and instead opening up multiple connections?
>
>
>
> Mihai
>
>
> _______________________________________________
> x2go-user mailing list
> x2go-user@lists.x2go.org
>
http://lists.x2go.org/listinfo/x2go-user
--
Nick Owen -- WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates :
http://eepurl.com/zzUeP