[CentOS] freenx not working with newly installed centos 6.4

Wed May 22 12:27:13 UTC 2013
Natxo Asenjo <natxo.asenjo at gmail.com>

On Wed, Apr 3, 2013 at 10:16 PM, Natxo Asenjo <natxo.asenjo at gmail.com>wrote:

Following up a bit late on this, I found out the issue with the failing
freenx sessions centos 6.4.

We have a growing freeipa infrastructure (http://freeipa.org), using the
identity management solution delivered by RHEL. ,A colleague installed a
host and before joining it to the domain, installed freenx. It worked. So
that made me think that the problem was not with freenx but with freeipa.

Indeed, a joined host to a freeipa domain gets a few options on its ssh
client and server config files:

# diff ssh_config ssh_config.ipa
48a49,52
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> PubkeyAuthentication yes
> ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h


# diff sshd_config sshd_config.ipa
81d80
< GSSAPIAuthentication yes
97d95
< UsePAM yes
139a138,143
> KerberosAuthentication no
> PubkeyAuthentication yes
> UsePAM yes
> GSSAPIAuthentication yes
> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys

If we revert the ssh_config and sshd_config files and join the hosts,
freenx works again.

We lose the known_hosts integration but we already were doing that witch
cfengine. For other environments this could be an issue.

I will contact the freeipa guys about this issue, but provided freenx is
not a part of RHEL, I do not think they will see this as their problem.

We'll see.

-- 
groet,
natxo