On Thursday 26 October 2006 01:07, Michael Bender wrote: > $DISPLAY is not used as the sole security key, we used trusted data > (the UID of the caller, and, in a Solaris Zones/TX environment, the > zone information) and the access control policy, implemented in the > Sun Ray PAM module, is pretty simple - if the value of $DISPLAY (which > can be spoofed) refers to an X display that the UID of the caller > controls, then the caller gets access to the reader.
Okay, I'm probably just really dense, but: Is the only purpose of passing the $DISPLAY to disambiguate the case where the user is logged into multiple Sun Rays (DTUs, you call them, IIRC) simultaneously? If so, it might clear up a lot of confusion if you say so. If not, what else is it used for? Not authentication, obviously. Shawn. _______________________________________________ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle