On Wed, Apr 3, 2013 at 10:16 PM, Natxo Asenjo <natxo.asenjo at gmail.com>wrote: Following up a bit late on this, I found out the issue with the failing freenx sessions centos 6.4. We have a growing freeipa infrastructure (http://freeipa.org), using the identity management solution delivered by RHEL. ,A colleague installed a host and before joining it to the domain, installed freenx. It worked. So that made me think that the problem was not with freenx but with freeipa. Indeed, a joined host to a freeipa domain gets a few options on its ssh client and server config files: # diff ssh_config ssh_config.ipa 48a49,52 > GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts > PubkeyAuthentication yes > ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h # diff sshd_config sshd_config.ipa 81d80 < GSSAPIAuthentication yes 97d95 < UsePAM yes 139a138,143 > KerberosAuthentication no > PubkeyAuthentication yes > UsePAM yes > GSSAPIAuthentication yes > AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys If we revert the ssh_config and sshd_config files and join the hosts, freenx works again. We lose the known_hosts integration but we already were doing that witch cfengine. For other environments this could be an issue. I will contact the freeipa guys about this issue, but provided freenx is not a part of RHEL, I do not think they will see this as their problem. We'll see. -- groet, natxo