Hello Jörg, Sorry for getting so late back to you, but I am currently on a night shift. Here are the files that you requested:
[r...@vm-tesla-1-lan pam.d]# cat gnome-screensaver #%PAM-1.0 # Fedora Core auth include system-auth account include system-auth password include system-auth session include system-auth # SuSE/Novell #auth include common-auth #account include common-account #password include common-password #session include common-session [r...@vm-tesla-1-lan pam.d]# cat uthotdesk #%PAM-1.0 # BEGIN: added to uthotdesk by SunRay Server Software -- uthotdesk # Fedora Core auth include system-auth account include system-auth password include system-auth session include system-auth # SuSE/Novell #auth include common-auth #account include common-account #password include common-password #session include common-session I hope this helps. Yours, Martin -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Gesendet: Montag, 15. Februar 2010 11:46 An: SunRay-Users mailing list Cc: Martin Allert Betreff: Re: [SunRay-Users] Problems with pam, screenlock and uthotdesking Martin Allert schrieb: > Hello, > > Maybe an interesting observation: > > - When the session idle timout comes and the user session is locked, > there comes a gnome themed locking window asking for the password, > displaying my real name. And after entering it works, I am in! > > - When I pull the card, there comes an grayish OpenWindows like Xlock > unlock window I used to see on old SPARC SRSS installations with a > picture of some DTU models on the right. I am asked for my password > displaying my username. > Can you show us your /etc/pam.d/gnome-screensaver and /etc/pam.d/uthotdesk files? - Jörg > -----Ursprüngliche Nachricht----- > Von: Martin Allert [mailto:[email protected]] > Gesendet: Montag, 15. Februar 2010 03:32 > An: SunRay User Mailing List > Betreff: Problems with pam, screenlock and uthotdesking > > > Hello everybody, > > > I have the following problem with SRSS 4.2 and RHEL 5.4: > My utpolicy allows only login for registered cards. Self registration is > enabled. Users can login and work. > > The server authenticates user against a Active Directory Server Win2k03 > R2 with "Identity Management for Unix" installed. Logging in works > perfect. > > When you pull the card or hit <SHIFT-break>, some greyish screenlock > window appears which asks me for my password to login. It looks like an > ancient Openwin Motif window. > > Now entering my password says "Login incorrect.". I think this has > s.th. to do with my pam stacks, 'cause when I disable the current policy > by "/opt/SUNWut/sbin/utpolicy -D -a -M -r card -s card -g" and doing a > "utrestart -c", this screensaver password does not appear any more and I > am directly logged in to my session. > > I also tried regenerating the SunRay pam settings by > "/opt/SUNWut/lib/utgenpam disable && /opt/SUNWut/lib/utgenpam enable" - > no avail. > > This is what my /etc/pam.d/system-auth looks like: > > [r...@vm-tesla-1-lan pam.d]# cat system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_krb5.so forwardable > auth sufficient pam_unix.so nullok_secure use_first_pass > auth requisite pam_succeed_if.so uid >= 500 quiet > auth required pam_deny.so > auth sufficient pam_winbind.so use_first_pass > > account required pam_unix.so > account sufficient pam_succeed_if.so uid < 500 quiet > account required pam_permit.so > account [default=bad success=ok user_unknown=ignore] pam_winbind.so > account sufficient pam_krb5.so minimum_uid=1000 > > password requisite pam_cracklib.so try_first_pass retry=3 > password sufficient pam_unix.so md5 shadow nullok try_first_pass > use_authtok > password required pam_deny.so > password sufficient pam_winbind.so use_authtok > password sufficient pam_krb5.so minimum_uid=1000 > password required pam_unix.so nullok obscure min=4 max=8 md5 > > session optional pam_keyinit.so revoke > session required pam_limits.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session required pam_mkhomedir.so skel=/etc/skel umask=0077 > session optional pam_krb5.so minimum_uid=1000 > > And this is what my /etc/pam.d/gdm and /etc/pam.d/gnome-screensaver > look like: > [r...@vm-tesla-1-lan pam.d]# cat gdm > #%PAM-1.0 > # BEGIN: added to gdm by SunRay Server Software -- gdm > auth requisite /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_hotdesk.so.1 > auth requisite /etc/opt/SUNWut/lib/$PLATFORM/sunray_get_user.so.1 > property=username > auth required /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_amgh.so.1 > auth sufficient /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user > ignoreuser > auth requisite /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user > auth required /etc/opt/SUNWut/lib/$PLATFORM/sunray_get_user.so.1 prompt > auth required /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_amgh.so.1 > clearuser > # END: added to gdm by SunRay Server Software -- gdm > auth required pam_env.so > auth include system-auth > # BEGIN: added to gdm by SunRay Server Software -- gdm > account sufficient /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user > # END: added to gdm by SunRay Server Software -- gdm > account required pam_nologin.so > account include system-auth > password include system-auth > # BEGIN: added to gdm by SunRay Server Software -- gdm > session requisite /etc/opt/SUNWut/lib/$PLATFORM/pam_sunray_hotdesk.so.1 > session required /etc/opt/SUNWut/lib/$PLATFORM/pam_kiosk.so.1 log=user > # END: added to gdm by SunRay Server Software -- gdm > session optional pam_keyinit.so force revoke > session include system-auth > session required pam_loginuid.so > session optional pam_console.so > > I can see no error - Do you have a hint for this? > > > Yours sincerely, > > Martin Allert > -- Joerg Barfurth Software Engineer mailto:[email protected] Desktop Technology Thin Client Software http://www.sun.com/software/sunray/ Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/ Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten Amtsgericht Muenchen: HRB 161028 Geschaeftsfuehrer: Thomas Schroeder, Wolfgang Engels Vorsitzender des Aufsichtsrates: Martin Haering _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
