The functionality from using a "registered card only" policy is limited to determining which smart cards are allowed to get sessions on your server. With the policy turned on, ONLY registered cards can get a session. With it off, any card can get a session. This really has nothing to do with Authentication to the system, as it will be handled by the Windows GINA on the RDP host.

The difference here is that SUN_SUNRAY_TOKEN is computed differently in a registered only policy, and the basic dump of the registrations using utuser -o doesn't match.

On May 13, 2008, at 5:24 AM, Jason Howk wrote:

Thanks.  I figured it had to be something that I was doing.  I'm fairly new at this so my question may be naive, but do I lose any overall functionality by turning off registered mode?  If it's a longer conversation, I'm not opposed to reading if you've got any links... ;)

Thanks again,
Jason.

On May 12, 2008, at 10:42 PM, Craig Bender wrote:

Turn off registered mode.

Jason Howk wrote:
All,
Having read Brad's write-up on the "Point and Shoot VDI"  (http://blogs.sun.com/ThinkThin/entry/point_and_shoot_vdi1), I thought I'd give it a shot.  I'm running into issues and I'm not sure if it's something on my end or something else.  In the script where we use the smartcard as an identifier, the code calls a utuser -o and greps for the $SUN_SUNRAY_TOKEN to determine what to do:
REG_OTHER=`/opt/SUNWut/sbin/utuser -o | grep $SUN_SUNRAY_TOKEN | awk -F, '{print $5;}'`
When I run utuser -o I get output like:
[EMAIL PROTECTED]:~# utuser -o
MicroPayflex.50020bf600130100,,0,User 1,saturn
OpenPlatform.4090009c247d8f040a17,,0,User 2,
Payflex.50060e9900130100,,0,User 3,
...
and when I examine SUN_SUNRAY_TOKEN for User 1 I see user.1210550098-7053.  Digging deeper, a call to utuser -p user.1210550098-7053 shows that it's considered a "Logical Token" and the utuser -o only displays the physical token.  Clearly a mismatch is occurring.   The script looks at REG_OTHER for a non-null response, makes an additional check, and then fires up uttsc.  Obviously I never make it past the check on REG_OTHER.  My question: is there something I need to do to get these to match, or is it a bug in the script?
Thanks,
Jason.
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Brad Lackey
Desktop Product Lead
US Software Practice
(720) 548-3339
[EMAIL PROTECTED]
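
The lookup discussed in this thread, as an added example that is not part of the thread or of the original script: it matches the token against the first field of `utuser -o` style output exactly (the `grep` in the script matches substrings and treats `.` as a wildcard) and reports a logical token separately from an unregistered card. The function names are hypothetical, the sample lines are the ones quoted in the thread, and treating the `user.` prefix as the mark of a logical token is an assumption based on the single token shown above.

```shell
#!/bin/sh
# Sample data: the three `utuser -o` lines quoted in the thread, embedded so
# the example runs offline. On a Sun Ray server this function would instead
# run: /opt/SUNWut/sbin/utuser -o
sample_utuser_output() {
cat <<'EOF'
MicroPayflex.50020bf600130100,,0,User 1,saturn
OpenPlatform.4090009c247d8f040a17,,0,User 2,
Payflex.50060e9900130100,,0,User 3,
EOF
}

# reg_other TOKEN (hypothetical helper)
# Reads comma-separated registration lines on stdin and prints field 5 of the
# line whose FIRST field equals TOKEN exactly.
# Exit status: 0 = token listed (field 5 may be empty), 1 = token not listed.
reg_other() {
    # Pass the token through the environment so awk does not interpret
    # backslashes in it; appending "" forces a string comparison.
    TOK=$1 awk -F, '
        ($1 "") == (ENVIRON["TOK"] "") { print $5; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# check_token TOKEN (hypothetical helper)
# Prints one of: registered:<field 5>, logical-token-not-listed, not-registered
check_token() {
    if value=$(sample_utuser_output | reg_other "$1"); then
        echo "registered:${value}"
    else
        case $1 in
            # Assumption: logical tokens look like the user.<id> value
            # shown in the thread; utuser -o lists physical tokens only.
            user.*) echo "logical-token-not-listed" ;;
            *)      echo "not-registered" ;;
        esac
    fi
}

# Demo: a physical token, the logical token from the thread, and a constructed
# ID that is only a substring of a registered one.
for t in MicroPayflex.50020bf600130100 user.1210550098-7053 Payflex.50020bf600130100; do
    printf '%s -> %s\n' "$t" "$(check_token "$t")"
done
```

The third demo token would match the `MicroPayflex` line under the script's `grep`; the exact first-field comparison rejects it.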
