How to force NX server 3.5.0 to use password authentication when running encrypted sessions
Starting from NoMachine version 4, SSH system login with authentication based on password, private key and Kerberos ticket is supported.
This article applies to NX Server 3.5.0 and to those cases in which it is necessary to force user authentication via password instead of RSA keys when using encrypted connections between server and node 3.5.0.
NX environments with Active Directory or other authentication mechanisms in place have encountered issues with the browser running on the NX server not getting access to the internet upon starting the application.
So when a user starts Firefox, for example, authentication takes place but the login uses only the public key, and the user does not receive an AD ticket or Kerberos ticket.
The encryption mode between nxserver and an nxnode depends on the client settings when the remote node is added with the connection type 'user'.
If the NX session is encrypted, nxserver tries to use only ssh key authorization against the node. If the session is unencrypted, it tries with password authentication.
The expected behaviour in the case of encrypted sessions is instead that nxserver tries both types, ssh key authorization and password authentication.
There are two possible workarounds:
#1
In configuration file /etc/ssh/sshd_config change:
RSAAuthentication yes
PubkeyAuthentication yes
into:
RSAAuthentication no
PubkeyAuthentication no
Restart the sshd service afterwards for the changes to take effect. Note that this will force password authentication, but the $HOME/.ssh/authorized_keys2 file will be written too.
#2
In /usr/NX/etc/node.cfg change:
AuthorizedKeysFile authorized_keys2
into:
AuthorizedKeysFile "/dev/null"
This will also result in password authentication, but will not touch the $HOME/.ssh/authorized_keys2 file.
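A way to confirm that workaround #1 is really in effect, as an added example (not NoMachine's code): the hypothetical helpers effective_value and check_workaround1 read an sshd_config-style file the way sshd does for its global section, and the two sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for workaround #1.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally,
# so only the global section (before the first Match) is examined.
# Assumptions: whitespace-separated "Keyword value" lines, no Include files,
# and a default of "yes" for all three keywords when they are absent.

# effective_value FILE KEYWORD DEFAULT -> prints the effective global value
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
        tolower($1) == "match" { exit }                 # global section ends
        tolower($1) == key { val = tolower($2); exit }  # first occurrence wins
        END { print val }
    ' "$1"
}

# check_workaround1 FILE -> exit status 0 only if key logins are off and
# password logins remain on (otherwise the change leaves no password login).
check_workaround1() {
    cw_rsa=$(effective_value "$1" RSAAuthentication yes)
    cw_pub=$(effective_value "$1" PubkeyAuthentication yes)
    cw_pwd=$(effective_value "$1" PasswordAuthentication yes)
    echo "RSAAuthentication=$cw_rsa PubkeyAuthentication=$cw_pub PasswordAuthentication=$cw_pwd"
    [ "$cw_rsa" = no ] && [ "$cw_pub" = no ] && [ "$cw_pwd" = yes ]
}

# Constructed sample files (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# before the change' 'RSAAuthentication yes' \
    'PubkeyAuthentication yes' > "$demo_dir/before"
printf '%s\n' 'RSAAuthentication no' 'pubkeyauthentication no' \
    'PubkeyAuthentication yes' 'Match User backup' \
    'PasswordAuthentication no' > "$demo_dir/after"
for f in "$demo_dir/before" "$demo_dir/after"; do
    if check_workaround1 "$f"; then
        echo "${f##*/}: password authentication forced"
    else
        echo "${f##*/}: workaround #1 not in effect"
    fi
done
rm -rf "$demo_dir"
```

On a live node host, `sshd -T` run as root prints the configuration sshd actually uses. The change in #1 is global, so it disables key-based login for every SSH user of that host, not only for NX sessions.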
