-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 08.12.2008 00:46, Jim Klimov a écrit : > Hello Philippe, > > If you want users to retain their settings, you should use > not Kiosk mode, but login named Unix (LDAP, AD) users. > > Your Kiosk sessions run with an UID of a random user (more > specifically, one of several UIDs precreated when you set up > SRSS) who is supposed to have no rights on your system except > for his temporary homedir created from a template. > > What makes things worse, your next session will probably > run with a different random UID. This makes problematic to > consider security (Firefox PKI as in your example) even if > you manage to copy files (via /var/tmp, shared NFS, etc.). > > --- > > You are not limited to using ksh; in fact my Kiosk wrappers > were mostly written in bash. > > In bash syntax you have two ways of using an execution's > output as a value: the backticks `` and $(). These can be > combined, i.e.: > > /opt/SUNWuttsc/bin/uttsc -m -u $(/opt/SUNWut/sbin/utuser -p `env | grep > SUN_SUNRAY_TOKEN | cut -d"=" -f2` | grep User | grep Name | cut -d"=" > -f2 |cut -d" " -f2) -d Domain -s IP > > You can of course assign values to variables, that goes > without a dollar: > OWNER=`env | grep SUN_SUNRAY_TOKEN | cut -d"=" -f2 | grep User | grep Name | > cut -d"=" -f2 |cut -d" " -f2` > > Perhaps that's what breaks your example with $USER=... > or the fact that you have three backticks in that line? > > --- > > And I'd take this chance to remind the public of my scripted > infrastructure to bind specific Kiosk sessions which you can > write and preconfigure as scripts to smartcards and/or DTUs: > > See https://svn.sun-rays.org/viewvc/FLButselector/ > https://svn.sun-rays.org/viewvc/FLButselector/trunk/release/FLButselector-pkg-solaris-1.1.0.zip?revision=52&pathrev=52 > > You can use them for reference and/or use them in your > environment. > > There's now similar functionality in SRSS 4.1, though. > > //Jim Thanks for your answer. I'll give a try to integrating SR users into LDAP.
Is there an howto ? I found this http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server But it is about solaris users, not SRSS users. - --- Ok for the bash, i'll try it. But i think i tried to set a value to variable using this way VAR=`env | etc...` Otherwise, i'll try using $. - --- Hum. I'm gonna learn much with your scripts. Thanks. My documentation is far smaller than any other, and worth, it is in french, but maybe it can be useful for french speaking newbie....like me ;-): http://www.openbsd-edu.net/index.php/SunRay Thanks for all Best regards. - -Keeping the first mail for my team.- > > Monday, December 8, 2008, 12:12:16 AM, you wrote: > > PS> Hi, > PS> i'm new to Solaris/SRSS and using 10 Sunray2 on a SunX2100 running a > PS> fresh new Solaris 10u6& SRSS4.1 with smartcard logon. > PS> My users are really happy about it. > > PS> Buy, i've still many questions about configuring it. > > PS> 1. I'd like to configure the desktop. Including for examples links or > PS> icons on the desktop or submenus. > > PS> 2. I've written script to retrieve OpenLDAP uid from the card to make as > PS> simple as possible the RDP login to a Windows2003R2 server. > PS> I've got a problem, not a sunray related pb in fact... > > PS> env | grep SUN_SUNRAY_TOKEN | cut -d"=" -f2` | grep User | grep Name | > PS> cut -d"=" -f2 |cut -d" " -f2 => give the name of the smartcard owner. > =>>Works > > PS> /opt/SUNWuttsc/bin/uttsc -m -u uid -d Domain -s IP > =>> Works > > PS> But combining those two scripts doesn't work at all because of the two > PS> series of ``: > > PS> /opt/SUNWuttsc/bin/uttsc -m -u `/opt/SUNWut/sbin/utuser -p `env | grep > PS> SUN_SUNRAY_TOKEN | cut -d"=" -f2` | grep User | grep Name | cut -d"=" > PS> -f2 |cut -d" " -f2` -d Domain -s IP > > PS> I'd like to set some variables, but whenever it seems to me that solaris > PS> uses ksh, this solution doesn't work at all : > > PS> $USER=`env | grep SUN_SUNRAY_TOKEN | cut -d"=" -f2` | grep User | grep > PS> Name | cut -d"=" -f2 |cut -d" " -f2` > > PS> /opt/SUNWuttsc/bin/uttsc -m -u $USER -d Domain -s IP > > > PS> And, i'm nearly sure that i'm not the first one to have these needs, and > PS> maybe i didn't search too far, but this already exists. > > > PS> 3. I set the KIOSK_SESSON_TIMEOUT to 1 week, so the users have a > PS> semi-permanent session. > > PS> But whenever the session is restarted, they -of course- loose all of > PS> their settings. > PS> So is it possible to set for all of the users some of their settings : > > PS> - Auto-Enrollement to StarOffice. > PS> - CA of the PKI in the Firefox settings > PS> - Proxy for firefox. And, of course, making the proxy non-discardable ;-) > > > > PS> Thanks by advance. > PS> And i apologize for any mistake on the language. > > PS> Yours sincerely. > > > - -- Cordialement. - - Lycée Alfred Nobel,Clichy sous bois http://www.lyceenobel.org KeyID 0x46EA1D16 FingerPrint 997B164F4F606A61E7B1FC61961A821646EA1D16 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJQCyrlhqCFkbqHRYRAj5EAJ4149FBK3eVgab8KOcAozlp1roKcgCgqcFd 1ynuQNh2e+vdWwTgoYr8IyQ= =RA7U -----END PGP SIGNATURE----- _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
