Hi John, you are almost correct with everything you say and definitely heading in the right direction
> We now have a reason to begin to explore the use of kiosk mode. Because I > want to disrupt existing use minimally, I thought that I would start by > trying to set up one smart card to that it would be tied to a kiosk-mode > session and then locally configure our kiosk session with the handful of > applications that we want to be available in kiosk mode which will likely > include a custom Java Web Start app (that has it's own authentication), > access to the firefox browser, and maybe access to ssh. sounds like a good idea. Another idea would be to install a test environment and play with that. SRS runs in virtualbox aswell. > Thus far, I've run utpolicy -k to create a collection of utku* kiosk-mode > users. So you have not been using kiosk mode before, just plain old regular sessions? > What I can't seem to find is proper syntax of the utuser command that would > register that smart card appropriately for kiosk use. > > Is this a command-line usage that would work to tie a particular smart card > token to one of the utku* users? > > utuser -a "<tokenID>,,,utku23," > > Am I also correct that in general I'd want to tie each smart card token to a > different utku* user to avoid kiosk-mode session collisions/confusion? Almost right. The username you specify here does not have to be a regular unix user and does have nothing to do with these accounts. You would not specify a kiosk user here. Use the name of the owner of the card (or simply 'testuser'). This is mostly for your own information. Then, use utkioskoverride -s kiosk -r TOKENID to specify that this smart card should be redirected to a kiosk session. Then, kill or exit your current session with that token (utsession -k -t TOKENID) and your kiosk session should come up. > Or am I hopelessly confused by this kiosk-mode stuff and how to use the utku* > users? Nope, the only issue I really wanted to mention is that the smartcard owner has nothing to do with real unix user accounts. The utku* accounts will be used automatically by the SR server. the first kiosk session will be startet by utku01, the second one by utku02 and so on. Bjoern _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
