Sunday, 3 August 2008

RSA SecurID integration

Short rant here... Why is it that GNOME or KDE don't support using SecurID (or OTP or anything like that that could potentially display a prompt other than "Password: ") ? To me, it is a fairly important requirement, if not for server applications, at least for the interfacing between servers and Ubuntu desktops.

We use RSA SecurID to control access to systems. If you try to use the new PAM module provided by RSA, and attempt to connect to a system using, for example, sFTP, you will notice that nautilus or dolphin will just hang there, waiting indefinitely for something, and eventually time out. This is annoying, I feel like it could be something relatively simple to fix, and I am certain it would help not only Ubuntu, but just about any distribution to see more interest from large corporations, only because the security they use is supported, and does not pose a usability problem.

Interestingly, Dolphin in KDE4.1 seems to respond a little better, and actually displays a "OpenSSH" window with a PASScode prompt... However, it then complains immediately that it cannot grb the keyboard, and even if you type something it will not be used... and the prompt will still reappear 5 times :)

I will probably take a second attempt at fixing the issue, or at least finding where the problem starts, at least in nautilus. Is there anyone who knows that could point me in the right direction?

4 comments:

jldugger said...

Step one is obviously to file a bug. If you've already done that, step two is to get people to look at it!

matt said...

Yup, obviously. I've already specific function in gvfs (handle_login in gvfsbackendsftp.c) which looks for specific strings to decide that it is a prompt for a password, and how to handle it. So I'm definitely filing a bug... And also trying to fix it. :)

Asa said...

Please post the bug URL in the comments, I would like to see when/how this progresses.

matt said...

Of course. Here it is: http://bugzilla.gnome.org/show_bug.cgi?id=546232 : Bug 546232 – GVFS can't handle an "Enter PASSCODE" password prompt.

In fact, I've managed to fix it by editing the handle_login function to add support for the specific prompt, in addition to the "Password:" and all others already in there, so the bug is fixable, and fixed in the gvfs package I posted on my PPA.