From mike.gabriel@das-netzwerkteam.de Fri Dec 13 12:17:19 2013 Received: (at submit) by bugs.x2go.org; 13 Dec 2013 11:17:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 124335DB17 for ; Fri, 13 Dec 2013 12:17:19 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 9666A1E947 for ; Fri, 13 Dec 2013 12:17:18 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 616D13C075 for ; Fri, 13 Dec 2013 12:17:18 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFB6T2oTknfJ for ; Fri, 13 Dec 2013 12:17:18 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 26A3F3BB68 for ; Fri, 13 Dec 2013 12:17:18 +0100 (CET) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 13 Dec 2013 11:17:18 +0000 Date: Fri, 13 Dec 2013 11:17:18 +0000 Message-ID: <20131213111718.Horde.mO-2qGd0ZyJ89U7-j9al-g3@mail.das-netzwerkteam.de> From: Mike Gabriel To: "submit@bugs.x2go.org" Subject: GSSAPI support falls back to SSH key User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.47 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 Iceweasel/23.0 Content-Type: multipart/signed; boundary="=_ptaZhXpYfiA10XKdRdIgkA2"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_ptaZhXpYfiA10XKdRdIgkA2 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Package: x2goclient Version: 4.0.1.2-pre03 Hi Alex, with the latest GSSAPI patch in X2Go Client, I observe the following: Session profile options: autologin = false krblogin = true If GSSAPI fails, the underlying ssh process falls back to SSH-key based authentication. When this happens on passphrase protected SSH keys, I see this when running X2Go Client from the command line: """ mike@:~$ LANG=C x2goclient x2go-INFO-1> "Starting x2goclient..." x2go-WARNING-1> "Can't load translator: :/x2goclient_c" x2go-WARNING-2> "Can't load translator: :/qt_C" x2go-INFO-3> "Started x2goclient." x2go-INFO-8> "Starting connection to server: fylgja.das-netzwerkteam.de:32032" Enter passphrase for key '/home/mike/.ssh/id_rsa': """ ^^^^^^^^^^^^^^^^^^ At this point X2Go Client waits for the input and only continues with SSH key based authentication then (although autologin has been set to false!). Seems like you should limit the ssh subprocess execution to GSSAPIAuthentication only and disable all other auth methods (unless autologin is true). Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_ptaZhXpYfiA10XKdRdIgkA2 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJSquy9AAoJEJr0azAldxsx/u8P/0tZSXj1KYV2Lkm+Vzbptlkt 1jcL5Mw768hXIhx6mu98+X0AeJF8f+3INg9woPJ3PLkJi0+K+Z+ifecpqTbj0NiL u/blGmgSkIsi9H52jCB4ZSeLpbedyHTsjpW2pNz+MKmhqxmrq1AaVShxSg8L9FQm HWF6OfRdfVaQ9dmKuOaAyHutdslsQ1F+JwT7JXVpnhsczStwTc+oTDxyF/CkI2Vt cmyutEQoADO8cPcAO77ofMZNlc2NinqVOgXXkq1wLmZOf5qfO2XOIb0bonBhVeYf A4DVPOA+j5GwYlqbFHKbAcBu7V/9CGIoRXyKd0c1GakTgL4Y5Zzyj+Do68INauN3 Cq9pSlAgwVl/LXUtrB1u9XvXU2QPn9P7rSJFv/bl+jcbfDSMI0cXgchepvV4J9LT aSmzHfepvPGXpcDBH55OP6bEEtJvIUOuqPKzZKlv/uRyYRGFWs5qRzcibIEFBg7y bGQVAHldb0GlMu/8MCcBJIXQEiB7+wCZaySsJh6xg0rHOmUUWKY45QK5O0mBgWBU Xh1nqtAGMkdg0NoDcrMccanbFOxPktKKE/YlLwUb1qmW0eDm0kZnLctxkAft7ilU d6lo9g6+NNA8ZWb9cZEZgkGmDJIL1COlnzSxFXr+AKVprNo2JTXEirnbYCQoDG3F q2uJD30m5vQTQ69xEYIP =HmDb -----END PGP SIGNATURE----- --=_ptaZhXpYfiA10XKdRdIgkA2--