I'm not sure all of the information that is need has been presented?
Do I have the following correct?
1) An application is started on the server
2) This application requires a display to start
3) The display is passed to the application as a run time argument
4) The application must execute as a specific user
Questions:
1) How many instances of the application can run at any one time? Only
one? Multiple?
2) How many users need to access the application at any given time? Only
one? Multiple?
3) Do the users need to interact with the program or just view?
Likewise, would some need to interact and some only need to view?
If just one instance is going to run and only accessed by one person,
you could easily start it on a non-card Sun Ray configured for kiosk mode.
You could start the app as the specific user via sudo, and give that
user rights to the current Kiosk User account's display.
+Let's assume the application must be started by a user called
"appuser1" and that "appuser1 is a valid unix account (either local or
centralized via NIS, LDAP, etc)
+Let's assume the application is a called "AppOne"
1) Configure sudo so that members of the utkiosk group can execute
programs as "appuser1" (via /etc/sudoers)
2) Also configure /etc/sudoers so that members of the utkiosk group are
not required enter a password (as the Kiosk User Accounts are locked in
/etc/passwd)
2) Create a shell script called AppOne.sh that does the following:
- Allows the user "appuser1" to access the current display
- Using sudu, start "AppOne" as "appuser1" to the current display
e.g.
#!/bin/bash
xhost +si:localuser:appuser1
sudo -u appuser1 /usr/bin/AppOne -display: $DISPLAY
From there you can create a kiosk session type, registered a
pseudo.token (or smart card toke) and depending if the new session type
is set for the default kiosk session type, you could utkioskoverride the
the behavior of the registered token to run kiosk and/or create another
kiosk config (via utkiosk) and, specify, via utkioskoverride, to run
that kiosk session type.
Now if multiple users viewing the app is what is desired, then I would
indeed go with a virtual frame buffer solution, like x11vnc.
On 3/19/13 11:18 AM, Jim Klimov wrote:
To summarize both solutions, I'd suggest creating the following:
1) A VNC server which is started automatically (with the OS as an
SMF service or via a legacy init-script), or is started by your
application's initialization routine.
The VNC server has a particular IP port assigned (maybe on the
localhost or accessible over the network) and an X11 display
number. You might need some tricks to ensure that this number
is reserved for the VNC display, i.e. start it as the first X
server on the system, before SRSS.
2) A kiosk session assigned to that smartcard which automatically
launches a vncviewer program to see what happens in that VNC
server. VNC can be configured to allow many clients to view
and/or control the same server.
This way the VNC display will be accessible to your app after the
reboot and regardless of SRSS or anyone interactively logging in
at all. For example in our practice, OpenOffice is used as a filter
for Alfresco CMS, and even headless OOO requires an X11 display.
The VNC trick is used successfully on that box, even though there
is no OOO window in that session to look at.
To create custom Kiosk sessions you could use my FLButselector
package (published on sun-rays.org), though I think latest SRSS
includes options to customize kiosks as well (in legacy times
there used to be just one type of kiosk, and any customization
started from the same template session).
HTH,
//Jim Klimov
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
