http://bugzilla.novell.com/show_bug.cgi?id=619789 http://bugzilla.novell.com/show_bug.cgi?id=619789#c0 Summary: ssh access using keypair doesnot work with locked account Classification: openSUSE Product: openSUSE 11.3 Version: RC 2 Platform: x86-64 OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: f.de.kruijf@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; nl; rv:1.9.2.6) Gecko/20100626 SUSE/3.6.6-1.1 Firefox/3.6.6 FreeNX uses a locked account, named nx, for access. For this account access using .ssh/authorized_key2 is implemented. The private key is on the client end. The entry in /etc/passwd is: "nx:x:1100:200::/var/lib/nxserver/home:/usr/bin/nxserver" The entry in /etc/shadow is: "nx:!:14791:0:99999:7:::" This type of access is now blocked. Setting "pam-config -a --pam-debug" and using the command "ssh -i /var/lib/nxserver/home/.ssh/client.id_dsa.key nx@localhost" shows the following in /var/log/messages: Jul 4 17:42:52 eik113 sshd[4042]: pam_unix2(sshd:account): pam_sm_acct_mgmt() called Jul 4 17:42:52 eik113 sshd[4042]: pam_unix2(sshd:account): username=[nx] Jul 4 17:42:52 eik113 sshd[4042]: pam_unix2(sshd:account): expire() returned with 0 Jul 4 17:42:52 eik113 sshd[4042]: pam_unix2(sshd:account): Account is locked for nx This used to work in previous versions of openSUSE. The workaround is to enter a password for the account Reproducible: Always Steps to Reproduce: 1. Install FreeNX 2. Run nxsetup --install 3. Try to make a connection using a nxclient or give the above mentioned ssh command. The respons should show: HELLO NXSERVER - Version 2.1.0-72 OS (GPL, using backend: 3.2.0) NX> 105 However it shows: Connection closed by 127.0.0.1 In case this is required PAM behaviour, the FreeNX package should be changed and the generated nx account should be accessable using a keypair. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.