Re: freenx not working with newly installed centos 6.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Apr 3, 2013 at 10:16 PM, Natxo Asenjo <natxo.asenjo@xxxxxxxxx>wrote:

Following up a bit late on this, I found out the issue with the failing
freenx sessions centos 6.4.

We have a growing freeipa infrastructure (http://freeipa.org), using the
identity management solution delivered by RHEL. ,A colleague installed a
host and before joining it to the domain, installed freenx. It worked. So
that made me think that the problem was not with freenx but with freeipa.

Indeed, a joined host to a freeipa domain gets a few options on its ssh
client and server config files:

# diff ssh_config ssh_config.ipa
48a49,52
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> PubkeyAuthentication yes
> ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h


# diff sshd_config sshd_config.ipa
81d80
< GSSAPIAuthentication yes
97d95
< UsePAM yes
139a138,143
> KerberosAuthentication no
> PubkeyAuthentication yes
> UsePAM yes
> GSSAPIAuthentication yes
> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys

If we revert the ssh_config and sshd_config files and join the hosts,
freenx works again.

We lose the known_hosts integration but we already were doing that witch
cfengine. For other environments this could be an issue.

I will contact the freeipa guys about this issue, but provided freenx is
not a part of RHEL, I do not think they will see this as their problem.

We'll see.

-- 
groet,
natxo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux