SunRay community:

Happy new year!

We have run for many years with a zero-administration policy (including NCSM) of:

utpolicy -a -M -z both

Recently, we've developed a need to have kiosk sessions as well. Thus far, based on help that I received on this forum, I've been able to develop a simple kiosk session (using a jds3 session) that has a handful of applications including our lab-specific Java Web Start application. In this case, the kiosk session was assigned to a specific smart card using utkioskoverride so I hadn't yet made any policy changes. Because our Java Web Start application has its own authentication, it can happily run in a kiosk session.

In our environment, mobility features are important: we have a laboratory with about 30 Sunrays and folks move their sessions as they move from equipment to equipment in the lab. Note this is a Solaris (10u6) environment and I've done everything with the command-line for any SunRay administration that I need. To be honest, I don't think that Tomcat is even installed on this machine.

In any event, I was hoping to change to a policy where our folks could either use the kiosk session if they didn't need any access to a file system and could log into their account and run a "normal" session if they did.

To continue with zero-administration, I thought that I could run with the following policy:

utpolicy -a -M -z both -k card

I thought that would allow me to run zero-administration kiosk sessions for anyone using a smart card, and a NSCM "regular" session, if someone didn't use a smart card.

However, when I try to apply that, I get:

ERROR: Could not update policy

in my /var/opt/SUNWut/log/messages file I see:

Jan 2 06:56:11 flare utglpolicy[21725]: [ID 702911 user.info] ut_addDsEntry(): datastore operation failed Already exists.

This makes me think that this is a legal policy, but that I don't understand how to clear an existing policy before loading a new one.

So, my questions are:

1. Do I need to do something different to load a new policy in place of an existing one?

2. Does the "utpolicy -a -M -z both -k card" do what I think that it will: provide kiosk sessions for all folks using a smart card and NSCM sessions for folks that login without using a smart card?

3. Is there an alternative means (hopefully zero administration) of providing good mobility features to both kiosk and regular sessions?

Thanks for your consideration,

John



_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Reply via email to