Hi Joerg,
That's the point - there is no pam_winbind.so in /lib. It is in /lib64.
Best regards,
Martin Allert
(Mobile)
On 17.02.2010 at 09:40, Jörg Barfurth <[email protected]> wrote:
Martin Allert wrote:
Thank you for your help. As you asked I just tried it again and had a
look into the mentioned log files. Because they are too long for
inline display (it would destroy the whole thread), I attached them
as .txt files to this email.
This appears to be the problem:
From the 'messages' logs:
Feb 17 04:15:19 vm-tesla-1-lan hdloginGUI: login account failure: Module is unknown
From the 'secure' log:
Feb 17 04:14:58 vm-tesla-1-lan hdloginGUI: PAM unable to dlopen(/lib/security/pam_winbind.so)
Feb 17 04:14:58 vm-tesla-1-lan hdloginGUI: PAM [error: /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory]
Feb 17 04:14:58 vm-tesla-1-lan hdloginGUI: PAM adding faulty module: /lib/security/pam_winbind.so
So there is a problem loading the pam_winbind modules. I don't know
why that isn't a problem in gnome-screensaver. You could try
'ldd -r /lib/security/pam_winbind.so' to check if it is missing dependencies
(that may be accidentally satisfied in the gnome-screensaver context).
HTH
- Jörg
Some more comments on this:
As far as I understand it, pulling the card and pushing it in again
has also something to do with utaction, right? And what if I could
configure utaction for all users to use the gnome screensaver unlock
(if there is such a feature of gnome-screensaver)?
That isn't something you can configure using utaction. If
'RHA' (which shows the Sun Ray loginGUI) is disabled, utaction is
already used under the hood to trigger gnome-screensaver.
You can use the -D option to utpolicy to turn off 'RHA'. Please note
that there are some security issues with that:
- Less reliable: Under some circumstances, gnome-screensaver is
unable to lock the screen, so the session will be unprotected. (For
example if a menu is open.)
- With gnome-screensaver locking, anyone can kill your locked
session without authenticating (by pressing Alt+Ctrl+Bksp-Bksp).
- Without 'RHA', sessions are significantly more vulnerable to
'stealing' by use of a spoofed token.
--
Joerg Barfurth
Software Engineer mailto:[email protected]
Desktop Technology
Thin Client Software http://www.sun.com/software/sunray/
Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/
Registered office:
Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten
Munich District Court: HRB 161028
Managing Directors: Thomas Schroeder, Wolfgang Engels
Chairman of the Supervisory Board: Martin Haering
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
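
The mismatch discussed in this thread (PAM trying to dlopen a module under /lib/security while the file exists only under /lib64) can be checked for every module a PAM service names. The script below is an added example, not part of the original messages; its function names are hypothetical and it assumes pam.d-style service files.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Assumes pam.d-style service files: "type control module [args]".

# elf_class FILE: print 32, 64 or not-elf based on the ELF header
# (bytes 0-3 are the magic, byte 4 is EI_CLASS: 1 = 32-bit, 2 = 64-bit).
elf_class() {
    case "$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *)          echo not-elf ;;
    esac
}

# file_status PATH: print the ELF class of PATH, or "missing" if it is absent.
file_status() {
    if [ -e "$1" ]; then elf_class "$1"; else echo missing; fi
}

# pam_modules FILE: print each distinct module named in a service file.
# Comments and include/substack lines are skipped; a bracketed control such
# as [success=1 default=ignore] is collapsed to one token before splitting.
pam_modules() {
    sed -e 's/#.*//' -e 's/\[[^]]*]/CTRL/' "$1" |
        awk 'NF >= 3 && $2 != "include" && $2 != "substack" { print $3 }' |
        sort -u
}

# pam_module_report FILE DIR...: one line per module and directory,
#   <module> <dir> <32|64|not-elf|missing>
# Modules given with an absolute path are reported once, with "-" as the dir.
pam_module_report() {
    conf=$1; shift
    for mod in $(pam_modules "$conf"); do
        case "$mod" in
            /*) echo "$mod - $(file_status "$mod")"; continue ;;
        esac
        for dir in "$@"; do
            echo "$mod $dir $(file_status "$dir/$mod")"
        done
    done
}

# Usage on a real system (SERVICE is a placeholder for the PAM service name):
#   pam_module_report /etc/pam.d/SERVICE /lib/security /lib64/security
```

A module reported as `missing` in one directory and `64` in the other matches the situation in the log lines above, where the dlopen of /lib/security/pam_winbind.so fails.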