OK, I took a look at /etc/dt/config/Xconfig and there is no validPAMclasses entry. From searching the web, I see that there should be a line that reads:
Dtlogin.validPAMclasses: SunRay Is that right? Of course, the real question is, why isn't it there and what else is wrong. Looks like it's created by utgenpam. Did that not run for some reason? This is just my home setup so I can uninstall and re-install SRS if you think that is best. Thanks a lot for helping me track this down. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ottomeister Sent: Tuesday, July 10, 2007 2:52 PM To: SunRay-Users mailing list Subject: Re: [SunRay-Users] No "Mobile Session Login" for smartcards On 7/8/07, Tom Stanley <[EMAIL PROTECTED]> wrote: > So PAM should be calling the AMGH routines before the login screen > comes up but that doesn't seem to be happening. My AMGH script appends > the params it is passed to a log file in /tmp so I can tell when it is > being called. It is not being called when I insert a card. [...] Here > are the Sun Ray references in pam.conf: Those look fine to me. The ones that should cause AMGH to run for a smartcard login are these: > dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 > ... > dtlogin-SunRay auth required > /opt/SUNWut/lib/pam_sunray_amgh.so.1clearuser and they're correct, so I'm struggling to understand why your script doesn't get called. One possibility is that the greeter in the smartcard session had already proceeded past the first AMGH invocation before you configured AMGH, and it's now parked at the "get user name" stage. To eliminate that possibility select Options->Reset_Login_Screen, which will terminate the existing greeter and start a brand new one that will run a fresh PAM stack. A second (unlikely) possibility is that the dtlogin configuration is incomplete and SRSS is using the plain 'dtlogin' PAM definitions instead of the 'dtlogin-SunRay' ones. You can check for proper configuration by grep'ing for a validPAMclasses definition in /etc/dt/config/Xconfig. If neither of these explain what's happening then the next steps would be to turn on PAM debugging and/or use 'truss' to figure out what the greeter is doing. Oh, just to be sure: there's only one Sun Ray server here, right? The Sun Ray hasn't connected to a different server and launched the smartcard session on a machine that does not have AMGH configured? Check by holding down all three volume keys (Mute+Softer+Louder) above the numeric keypad and seeing that the server IP address in the pop-up box is the one you expect. OttoM. __ ottomeister Disclaimer: These are my opinions. I do not speak for my employer. _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
