> I set up a Solaris 8 environment so that clients log in using dtlogin
> which uses pam_afs.so.1. Everything works just fine except when dtlogin
> tries to read the user's ~/.dt/session/lastsession to find out what
> session to start up. It obviously can't read the file since
> system:anyuser doesn't have any rights inside the user's dir. This
> causes it to ask the user which session to start up every time they log
> on. Does anyone have any idea for a workaround without giving system:anyuser
> read access to the user's home (to preserve a certain level of security)?

After 3 years of my users putting up with this annoyance (one faculty member bothered me at least once a month about it), I finally tracked the problem to ~/.dt/session/lastsession, as you seem to have done. The easiest thing to do is:

    fs sa ~/.dt/session system:anyuser rl
    fs sa ~/.dt system:anyuser l
    fs sa ~ system:anyuser l

dtlogin tries to read the file before authenticating, and can't because it doesn't have a token. Setting system:anyuser = rl for that directory solves this problem. dtlogin doesn't try to write changes until after you log in and have a token, so there are no problems recording the preferred window manager for future logins.

The only "security compromise" is that users can figure out what each others' default window managers are. On our systems, we already had home directories set as system:anyuser = l so apache can get to the ~/public_html directory and sendmail can get to the ~/Public/.forward file. Depending on your existing environment, you may decrease overall security by doing this.

--
t. charles clancy <> [EMAIL PROTECTED] <> www.uiuc.edu/~tclancy
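
An added example, not part of the original post: a POSIX shell check that parses `fs listacl` output and confirms system:anyuser holds exactly the rights the workaround intends (rl on ~/.dt/session, l on ~/.dt and ~). The function names, the cell name example.edu, the user jdoe and the sample ACL listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what system:anyuser can do on the directories
# touched by the workaround. Expected rights come from the post above.

# Read `fs listacl` output on stdin; print the rights system:anyuser holds
# under "Normal rights:" (prints nothing if it has no entry there).
anyuser_rights() {
    awk '
        /^Normal rights:/   { normal = 1; next }
        /^Negative rights:/ { normal = 0; next }
        normal && $1 == "system:anyuser" { print $2 }
    '
}

# check_acl LABEL EXPECTED: compare the ACL listing on stdin with EXPECTED.
# Prints a one-line verdict; returns 0 on match, 1 otherwise.
check_acl() {
    got=$(anyuser_rights)
    if [ "$got" = "$2" ]; then
        echo "ok    $1 system:anyuser=$got"
    else
        echo "WARN  $1 system:anyuser=${got:-none} (expected $2)"
        return 1
    fi
}

# Constructed samples of `fs listacl` output (not captured from a real cell).
sample_session='Access list for /afs/example.edu/user/jdoe/.dt/session is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  jdoe rlidwka'

# A home directory opened wider than the post intends (rl instead of l).
sample_home_too_open='Access list for /afs/example.edu/user/jdoe is
Normal rights:
  system:anyuser rl
  jdoe rlidwka'

printf '%s\n' "$sample_session" | check_acl '~/.dt/session' rl
printf '%s\n' "$sample_home_too_open" | check_acl '~' l || true

# On a live client (assumes the OpenAFS fs command is on PATH):
#   fs listacl "$HOME/.dt/session" | check_acl '~/.dt/session' rl
#   fs listacl "$HOME/.dt"         | check_acl '~/.dt' l
#   fs listacl "$HOME"             | check_acl '~' l
```

A WARN on ~ or ~/.dt means system:anyuser can read files there, which is more than the lookup-only access the workaround calls for.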
