Hello, Maybe an interesting observation:
- When the session idle timout comes and the user session is locked, there comes a gnome themed locking window asking for the password, displaying my real name. And after entering it works, I am in! - When I pull the card, there comes an grayish OpenWindows like Xlock unlock window I used to see on old SPARC SRSS installations with a picture of some DTU models on the right. I am asked for my password displaying my username. Yours, Martin -----Ursprüngliche Nachricht----- Von: Martin Allert [mailto:[email protected]] Gesendet: Montag, 15. Februar 2010 03:32 An: SunRay User Mailing List Betreff: Problems with pam, screenlock and uthotdesking Hello everybody, I have the following problem with SRSS 4.2 and RHEL 5.4: My utpolicy allows only login for registered cards. Self registration is enabled. Users can login and work. The server authenticates user against a Active Directory Server Win2k03 R2 with "Identity Management for Unix" installed. Logging in works perfect. When you pull the card or hit <SHIFT-break>, some greyish screenlock window appears which asks me for my password to login. It looks like an ancient Openwin Motif window. Now entering my password says "Login incorrect.". I think this has s.th. to do with my pam stacks, 'cause when I disable the current policy by "/opt/SUNWut/sbin/utpolicy -D -a -M -r card -s card -g" and doing a "utrestart -c", this screensaver password does not appear any more and I am directly logged in to my session. I also tried regenerating the SunRay pam settings by "/opt/SUNWut/lib/utgenpam disable && /opt/SUNWut/lib/utgenpam enable" - no avail. This is what my /etc/pam.d/system-auth looks like: [r...@vm-tesla-1-lan pam.d]# cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_krb5.so forwardable auth sufficient pam_unix.so nullok_secure use_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so auth sufficient pam_winbind.so use_first_pass account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account sufficient pam_krb5.so minimum_uid=1000 password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so password sufficient pam_winbind.so use_authtok password sufficient pam_krb5.so minimum_uid=1000 password required pam_unix.so nullok obscure min=4 max=8 md5 session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel umask=0077 session optional pam_krb5.so minimum_uid=1000 And this is what my /etc/pam.d/gdm and /etc/pam.d/gnome-screensaver look like: [r...@vm-tesla-1-lan pam.d]# cat gdm #%PAM-1.0 # BEGIN: added to gdm by SunRay Server Software -- gdm auth requisite /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_hotdesk.so.1 auth requisite /etc/opt/SUNWut/lib/$PLATFORM/sunray_get_user.so.1 property=username auth required /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_amgh.so.1 auth sufficient /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user ignoreuser auth requisite /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user auth required /etc/opt/SUNWut/lib/$PLATFORM/sunray_get_user.so.1 prompt auth required /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_amgh.so.1 clearuser # END: added to gdm by SunRay Server Software -- gdm auth required pam_env.so auth include system-auth # BEGIN: added to gdm by SunRay Server Software -- gdm account sufficient /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user # END: added to gdm by SunRay Server Software -- gdm account required pam_nologin.so account include system-auth password include system-auth # BEGIN: added to gdm by SunRay Server Software -- gdm session requisite /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_hotdesk.so.1 session required /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user # END: added to gdm by SunRay Server Software -- gdm session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so session optional pam_console.so I can see no error - Do you have a hint for this? Yours sincerely, Martin Allert -- "Beware of health books - You might die of a misprint." (Mark Twain) ---------------------------------------------------------------------- arago AG, Institut für komplexes Datenmanagement Eschersheimer Ldstr. 526-532, 60433 Frankfurt/Main, [email protected], Tel. 069/405680, Fax 069/40568111, http://www.arago.de ---------------------------------------------------------------------- ------------------------------------------------------------------------ Bankverbindung: Frankfurter Sparkasse, BLZ: 500 502 01, Kto.-Nr.: 79 343 Vorstand: Hans-Christian Boos, Martin Friedrich · Vorsitzender des Aufsichtsrats: Dr. Bernhard Walther Sitz: Kronberg im Taunus · HRB 5731 · Registergericht: Königsstein im Taunus, Ust.Idnr. DE 178572359 · Steuernummer 2603 003 228 43435 ------------------------------------------------------------------------ -- Bitte schonen Sie unsere Umwelt. Muessen Sie diese Email wirklich ausdrucken? _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
