Fitra,
With SRSS 3.1, we have introduced "Regional
Hotdesking", aka "Automatic Multi-Group
Hotdesking" (AMGH). This can be used for two
purposes. It can be used to forward Sun Ray
between different Server Groups based on
username/MAC/IP/smartcard. It can also be used to
map MAC/IP/smartcard to a username (possibly, but
not necessarily, in combination with forwarding).
So you can configure AMGH such that when you
insert a smartcard you are presented with a
"Welcome <username>, enter password" screen.
Today this is provided for convenience only, and
the "Start Over" button will clear the username
and allow the user to enter a different one.
There seems to be a fair amount of interest in
making the username more tightly bound so that
"Start Over" doesn't override it.
An unsupported way to make the binding tight, that
seems to have worked for some people, is to simply
remove the "clearuser" argument from
/opt/SUNWut/lib/pam_sunray_amgh.so.1 in
/etc/pam.conf:
-Bob
fitra budi anggoro wrote:
Dear All,
I've got often question about smart card, especially on how we use it as login id. I always say that it is not possible (at least in SRSS).
What I've understood that smart card can be used as security only if we configure it as smart card only, then only the registered one can have login screen BUT that smart card can not be restrict to only one user id. We still can login with any user id when login screen is shown.
Is there any common way to do this? It will be nicer to have it right?
Thanks & Warm Regards,
Fitra
ps: I've try to find in forum and got one subject simillar. But unfornately could not find any thread of it
Subject :
Misc quesions: Smart card user restiction, NIS+ project.org_dir,
LOEWENTHAL Simon <[EMAIL PROTECTED]> wrote: Dear all,
I have some configuration Qs about Sun Ray and its interaction with other
Solaris parts.
1) Is it possible to restict a user ID to one smart card, so that either i)
when the card is inserted a user account is automatically logged in, or ii) the
card is allowed to only log in using a partcular account?
2) Is it possible to add the /etc/project dB into NIS+ and has anybody done
this?
3) Has anyone managed to get utaction to automatically reduce a token IDs user related processes upon card removal.
e.g. SmartCard 1 (SC1) is logged in as user fbloggs.
SmartCard 2 is logged in as user fbloggs.
SC1 then renoves his card. utaction changes his processes to cpu-shares=1, but the processes attached to SC2
are unaffected ad continue running with cpu-shares=50.
Thanks from someone new to SR,
S.
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
