When we fixed bug 3393 we apparently broke the Novell client on Windows 2008. That dumb bastard apparently looks at the flag, and then does the wrong thing. If it is set, it will completely ignore the provided PIN and won't enable single sign-on.
As I don't think we can detect if Novell is used at the other end, I assume we'll have to have a configuration variable for this.
We've also had reports that this works fine from Microsoft's client. No idea how though. Perhaps it uses CredSSP with NTLM instead and that is less broken in Novell?
One option could be to add a new flag that "undoes" the -i.
Commit 27972 adds novell configuration option to rdp appserver group that will disable use of PIN as password feature in rdesktop.
Commit 27973 updates the documentation with the new configuration option.
(In reply to comment #3)
> Commit 27972 adds novell configuration option to rdp appserver group that will
> disable use of PIN as password feature in rdesktop.
The logic in commit 27972 is wrong; commit 27977 solves that.
This parameter isn't in the appservergroups.hconf file.
There's no way to configure the parameter from tlwebadm.
The documentation is _very_ vague about what behavior this parameter actually controls:
Set this parameter to true to improve compatibility with servers that
authenticate against Novell eDirectory.
Compare to the documentation for novelluser_reconnect, a parameter in the same folder:
If the TLNOVELLUSER variable is set, tl-run-rdesktop will use its value
as the default username for the RDP connection. This variable is typically
set by tl-set-novelluser.sh to enable Single Sign-On with the Novell
Windows Client. Some systems, however, require that the full username is
used to start new sessions, but need the short username when reconnecting
to existing sessions. This mode is activated by setting this parameter to
false. This usage requires that the ThinLinc Load Agent is running on the
Windows system. The default value is true, which means that the
TLNOVELLUSER variable will always be used, if it is defined.
(In reply to comment #6)
> This parameter isn't in the appservergroups.hconf file.
Fixed in commit 28081.
The actual code changes work fine. Setting novell=true prevents rdesktop from being started with the -i argument if there's an SSO token passphrase.
(In reply to comment #6)
> There's no way to configure the parameter from tlwebadm.
Because Novell integration is low priority, it is left out.
> The documentation is _very_ vague about what behavior this parameter actually
> Set this parameter to true to improve compatibility with servers that
> authenticate against Novell eDirectory.
It is intentionally very vague, the reason being that this option might include more fixes in the future. Due to the low priority of Novell integration, we don't want to specify this and spend the time to keep that information in sync and up to date.