Ok to explain why its inconvenient i'll try to explain my setup. Please note i may have designed this ass about face, so if anyone can see any improvements let me know.
The SunRays are configured to connect to a single T1000 "Broker" Machine called antrim. This has a custom kiosk mode with NSCM. Students log into NSCM login with their ldap/kerberos ID. the kiosk script then generates a list of machines (based on ldap group membership), puts the list of machines in a nice GUI and presents it the the user. If the users picks a windows machine this is trivial, we just use the windows connector. If they pick a Linux/Solaris machine then utswitch is used to switch to the desired machine, it is designed that these other SunRay servers have standard solaris and linux sessions(also with NSCM), the only kiosk mode is on the broker "antrim". For this example i'll call one other solaris sunray server mayo(The one students get a JDS session on) The problems with this design 1. I want to utswitch back to the "Broker" machine mayo when the session on the other solaris/linux session has ended(i have achieved this with a hack) 2. When i utswitch back the broker i want to clear all usernames(Bob you have covered this i think) 3. On the solaris desktop server, mayo, when the student locks his/het JDS session i want it to either not show the NSCM login(just gnome-screensaver) or utswitch back to the broker. The reason for this is if the next student sits down and logs in they will get a solaris session and not the GUI selector because he/she will be logging into mayo and not antrim(the broker). My case is probably a very isolated one. Also i dont want to enable direct session access because its a good security feature on the cards. I could live without it on NSCM sessions. Thanks and Regards. David Bob Doolittle wrote: > David Markey wrote: >> They could manually detach the session using shift+pause, its just >> complicated for our users and id like to disable it. i see its hard >> coded into xscreensaver. > > No, it's not. See previous mail. xscreensaver has no changes specific > to SRSS. > Well > I don't understand what's complicated about RHA. You don't have to use > shift-pause, you can simply lock the screen and that will > disconnect/lock the session. > And then you authenticate to regain access to your session. This is > identical to normal screensaver behavior, it just uses a different GUI > look/feel. > >> Any way to disable it even unsupported? > > Discussed in previous mail, but not recommended. > >> Also, when i do a utswitch -h <hostname> the previous user name gets >> entered into the new sunray servers login, any way to disable that also? > > Well, you could try removing "sunray_get_user ... property=username" > from the dtlogin-Sunray stack in /etc/pam.conf, although this may > impact the login process with NSCM in a FOG (i.e. occasionally require > entering the username twice). Or just have the user click "Start Over" > to enter a different user name. This will become more of an issue with > GDM (which doesn't have the "Start Over" functionality provided by > dtlogin), and we need to give it some thought. > > Most people find this behavior convenient, given the "Start Over" > workaround for those unusual cases where a different username is desired. > > -Bob > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
