SunRay community:
Happy new year!
We have run for many years with a zero-administration policy (including
NCSM) of:
utpolicy -a -M -z both
Recently, we've developed a need to have kiosk sessions as well. Thus
far, based on help that I received on this forum, I've been able to
develop a simple kiosk session (using a jds3 session) that has a handful
of applications including our lab-specific Java Web Start application.
In this case, the kiosk session was assigned to a specific smart card
using utkioskoverride so I hadn't yet made any policy changes. Because
our Java Web Start application has its own authentication, it can
happily run in a kiosk session.
In our environment, mobility features are important: we have a
laboratory with about 30 Sunrays and folks move their sessions as they
move from equipment to equipment in the lab. Note this is a Solaris
(10u6) environment and I've done everything with the command-line for
any SunRay administration that I need. To be honest, I don't think that
Tomcat is even installed on this machine.
In any event, I was hoping to change to a policy where our folks could
either use the kiosk session if they didn't need any access to a file
system and could log into their account and run a "normal" session if
they did.
To continue with zero-administration, I thought that I could run with
the following policy:
utpolicy -a -M -z both -k card
I thought that would allow me to run zero-administration kiosk sessions
for anyone using a smart card, and a NSCM "regular" session, if someone
didn't use a smart card.
However, when I try to apply that, I get:
ERROR: Could not update policy
in my /var/opt/SUNWut/log/messages file I see:
Jan 2 06:56:11 flare utglpolicy[21725]: [ID 702911 user.info]
ut_addDsEntry(): datastore operation failed Already exists.
This makes me think that this is a legal policy, but that I don't
understand how to clear an existing policy before loading a new one.
So, my questions are:
1. Do I need to do something different to load a new policy in place of
an existing one?
2. Does the "utpolicy -a -M -z both -k card" do what I think that it
will: provide kiosk sessions for all folks using a smart card and NSCM
sessions for folks that login without using a smart card?
3. Is there an alternative means (hopefully zero administration) of
providing good mobility features to both kiosk and regular sessions?
Thanks for your consideration,
John
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
