Joerg Barfurth wrote: > AFAIU you are using token aliasing to attempt this, which is also what > you need to take over a smartcard session with the Sun Desktop Access > Client. There is no substantial difference between the > smartcard<->pseudo toekn case and the pseudo<->pseudo token cases here. > > You need an authenticated UNIX session (no kiosk!) with RHA enabled (and > pam_sunray_hotdesk in place) in order to take over session with an > aliased token. (NSCM is a different way to achieve a similar thing. but > not supported on Linux.)
Joerg, I was indeed trying to use alias tokens for session takeover mechanism. Actually after checking with a real sun ray session takeover didn't work. Then I debugged more and read some earlier posts in this list (link below) and found out that I had two gdm-related pam configs. The first /etc/pam.d/gdm contains (debian) standard includes only. The second is /etc/init.gdm-2.20 generated during srss install procedure !? Additionally, /tmp/SUNWut/user-sessions was not populated. To get session takeover with alias tokens to work on debian I merged both pam configs to one file and symlinked the other name to it. Following the previous stated mailing list post I moved the includes to the bottom of the merged pam configuration. Then I created a session with one soft client and attached the token of the second soft client to the first one. Now when I connect the second soft client to the sun ray server I get that dtlogin-style password greeter and can steal the session from the first one. This is what I want and I guess it is the way it is supposed to work ;) (And will work with smartcard session too). Thanks for help, Sebastian reference post: http://www.filibeto.org/pipermail/sunray-users/2009-March/012123.html _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
