On 7/8/07, Tom Stanley <[EMAIL PROTECTED]> wrote:
So PAM should be calling the AMGH routines before the login screen comes up but that doesn't seem to be happening. My AMGH script appends the params it is passed to a log file in /tmp so I can tell when it is being called. It is not being called when I insert a card. [...] Here are the Sun Ray references in pam.conf:
Those look fine to me. The ones that should cause AMGH to run for a smartcard login are these:
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 ... dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1clearuser
and they're correct, so I'm struggling to understand why your script doesn't get called. One possibility is that the greeter in the smartcard session had already proceeded past the first AMGH invocation before you configured AMGH, and it's now parked at the "get user name" stage. To eliminate that possibility select Options->Reset_Login_Screen, which will terminate the existing greeter and start a brand new one that will run a fresh PAM stack. A second (unlikely) possibility is that the dtlogin configuration is incomplete and SRSS is using the plain 'dtlogin' PAM definitions instead of the 'dtlogin-SunRay' ones. You can check for proper configuration by grep'ing for a validPAMclasses definition in /etc/dt/config/Xconfig. If neither of these explain what's happening then the next steps would be to turn on PAM debugging and/or use 'truss' to figure out what the greeter is doing. Oh, just to be sure: there's only one Sun Ray server here, right? The Sun Ray hasn't connected to a different server and launched the smartcard session on a machine that does not have AMGH configured? Check by holding down all three volume keys (Mute+Softer+Louder) above the numeric keypad and seeing that the server IP address in the pop-up box is the one you expect. OttoM. __ ottomeister Disclaimer: These are my opinions. I do not speak for my employer. _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
