Bugzilla – Bug 7100
Avoid dual authentication prompts with RDP load balancer
Last modified: 2019-02-07 15:52:26
You need to
before you can comment on or make changes to this bug.
* RHEL 6.9 i386
When I log in to ThinLinc with SSH public key authentication
and start tl-run-rdesktop, I expect to see an rdesktop window.
What actually happens:
rdesktop hangs on a read from stdin.
This is (most likely) a password prompt from rdesktop. tl-run-rdesktop does not
handle this and present it to the user. After running tl-sso-update-password,
tl-run-rdesktop works as expected.
This problem originates from the upstream fix:
Author: Henrik Andersson <firstname.lastname@example.org>
Date: 2017-08-15 12:37:14 +0200
Always prompt for password if not provided via commandline.
This fixes several issues where credentials are required
before the connection is carried out. Such as dual
authentication prompts when redirected by load balancer.
We need to explore the various solutions.
We have decided to patch out the required password prompt locally in ThinLinc
for the upcoming release due to the upstream solution is not 100% correct.
Unfortunately the #ifdef wasn't enough as SSO no longer works now.
The #ifdef completely removes the call to read_password(). We need to bring
back the prompt_password variable and associated behaviour from r32760.
Tested that we now have the same behaviour as in ThinLinc 4.8.0. Tested against
2008R2, 2012R2 and 2016, both with and without CredSSP, and with and without
With SSO everything works fine. Without SSO you get one server side auth in
every case except redirect for a new session when you get two (same on all
rdesktop (and associated tools) is being removed from the ThinLinc product.