www.cendio.com
Bug 4782 - windows 2008+ novell client doesn't like INFO_PASSWORD_IS_SC_PIN
: windows 2008+ novell client doesn't like INFO_PASSWORD_IS_SC_PIN
Status: CLOSED FIXED
: ThinLinc
rdesktop
: trunk
: PC Unknown
: P2 Normal
: 4.1.1
Assigned To:
:
:
:
: 4732
  Show dependency treegraph
 
Reported: 2013-08-26 16:04 by
Modified: 2013-11-14 14:53 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2013-08-26 16:04:32
When we fixed bug 3393 we apparently broke the Novell client on Windows 2008.
That dumb bastard apparently looks at the flag, and then does the wrong thing.
If it is set, it will completely ignore the provided PIN and won't enable
single sign-on.

As I don't think we can detect if Novell is used in the other end, I assume
we'll have to have a configuration variable for this.


We've also had reports that this works fine from Microsoft's client. No idea
how though. Perhaps it uses CredSSP with NTLM instead and that is less broken
in Novell?
------- Comment #2 From cendio 2013-09-10 11:29:41 -------
One option could be to add a new flag that "undoes" the -i.
------- Comment #3 From cendio 2013-09-27 14:15:14 -------
Commit 27972 adds novell configuration option to rdp appserver group that will
disable use of PIN as password feature in rdesktop.
------- Comment #4 From cendio 2013-09-27 14:36:06 -------
Commit 27973 updates the documentation with the new configuration option-
------- Comment #5 From cendio 2013-09-30 08:46:33 -------
(In reply to comment #3)
> Commit 27972 adds novell configuration option to rdp appserver group that will
> disable use of PIN as password feature in rdesktop.

Commit 27972 logics is wrong, commit 27977 solves that.
------- Comment #6 From cendio 2013-10-24 14:52:36 -------
This parameter isn't in the appservergroups.hconf file.

There's no way to configure the parameter from tlwebadm.

The documentation is _very_ vague about what behavior this parameter actually
controls:

  /appservergroups/rdp/<appgroup>/novell
    Set this parameter to true to improve compatibility with servers that   
    authenticate against Novell eDirectory.

Compare to the documentation for novelluser_reconnect, a parameter in the same
folder:

  /appservergroups/rdp/<appgroup>/novelluser_reconnect

    If the TLNOVELLUSER variable is set, tl-run-rdesktop will use its value
    as the default username for the RDP connection. This variable is typically
    set by tl-set-novelluser.sh to enable Single Sign-On with the Novell
    Windows Client. Some systems, however, require that the full username is
    used to start new sessions, but need the short username when reconnecting
    to existing sessions. This mode is activated by setting this parameter to
    false. This usage requires that the ThinLinc Load Agent is running on the
    Windows system. The default value is true, which means that the
    TLNOVELLUSER variable will always be used, if it is deļ¬ned.
------- Comment #7 From cendio 2013-10-24 16:35:53 -------
(In reply to comment #6)
> This parameter isn't in the appservergroups.hconf file.
> 
Fixed in commit 28081.
------- Comment #8 From cendio 2013-10-25 11:29:29 -------
The actual code changes work fine. Setting novell=true prevents rdesktop from
being started with the -i argument if there's a SSO token passphrase.
------- Comment #9 From cendio 2013-10-28 10:36:35 -------
(In reply to comment #6)

> There's no way to configure the parameter from tlwebadm.
> 
Due to Novell integration is low prioritized it is left out.

> The documentation is _very_ vague about what behavior this parameter actually
> controls:
> 
>   /appservergroups/rdp/<appgroup>/novell
>     Set this parameter to true to improve compatibility with servers that   
>     authenticate against Novell eDirectory.
> 

It is intentionally very vague with the reason, that this option might include
more fixes in future. Due to low priority of Novell integration we don't want
to specify and spend the time to keep that information in sync and up to date.
------- Comment #10 From cendio 2013-10-28 10:49:44 -------
Ok then.