On Thursday 26 October 2006 01:07, Michael Bender wrote:
> $DISPLAY is not used as the sole security key, we used trusted data
> (the UID of the caller, and, in a Solaris Zones/TX environment, the
> zone information) and the access control policy, implemented in the
> Sun Ray PAM module, is pretty simple - if the value of $DISPLAY (which
> can be spoofed) refers to an X display that the UID of the caller
> controls, then the caller gets access to the reader.
Okay, I'm probably just really dense, but: Is the only purpose of passing the
$DISPLAY to disambiguate the case where the user is logged into multiple Sun
Rays (DTUs, you call them, IIRC) simultaneously?
If so, it might clear up a lot of confusion if you say so. If not, what else
is it used for? Not authentication, obviously.
Shawn.
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
