Simon Harding wrote:
Hello SunRay managers
we're piloting SRSS4 (3.x with uttsc) on Solaris 8, on sparc.
(in order to retain existing OpenWindows environment by effectively
logging onto another workstation)
After experimenting with Non-SmartCard Mobility (NSCM) we decided we
prefer traditional log-in/out and so disabled NSCM as this consumes
less resource.
How do you conclude this?
NSCM will actually consume less resources, since
users will have a single session no matter what
Sun Ray they use. Without NSCM, a new session
will be created for a user for every Sun Ray they
use (so there is no session mobility either).
I can't think of any overhead involved with an
NSCM session when compared to standard dtlogin
session, in terms of resource utilization. We've
actually contemplated making NSCM the default,
since we can't think of a reason why everyone
wouldn't want to use it.
NSCM also does a better job of load-balancing
after a server restart (greeters will still get created
on the first server up, but new NSCM user sessions
will get load-balanced when users log in, unlike
standard non-smartcard sessions where the session
gets created on the same system as the greeter).
The behaviour we now get is that any previous test user can still log
in, but new to SunRay users cannot, and after authenticating are sent
back to the initial log-in screen - ideas anyone? (This is on internal
LAN connections)?
This actually sounds like a known xscreensaver bug
associated with NSCM. Are you sure you're not
still using NSCM? The clue should be that for the
NSCM login greeter there is a picture of some Sun
Rays in the image on the right.
Perhaps you changed policy but did not
run "utrestart -c" (or, if you did it via the
browser, you didn't do a restart of all servers)?
-Bob
The system is presently an e250 2x400mhz, 2Gb (to be be replaced
either with a T2000 (&JDS) if we migrate the user environment or a
v440 as is compatible with Sol8)
We have modified pam.conf so that any LDAP user may authenticate and
also the RSA SecurId Authentication Agent as a way of improving
at-home login security once put the necessary in place.
messages and syslog doesn't reveal anything
so as not to jam this list will mail pam.conf if requests sent to (s i
m o n h AT m a n x DOT net )
p.s. increasing energy costs here mean that moving our 120 Sun
desktops to SunRays at a nominal 7watts is preferable to Ultra1's
(90w) or even SunBlade 100s (27w) saving approx. GBP8k each year
(excluding server power)
Thanks in advance
Simon Harding
Isle of Man, British Isles
The contents of this message and any attachments are confidential and are
intended for the use of the persons to whom it is addressed.
If you are not the intended recipient, you should not copy, forward,
use or
alter the message in any way, nor disclose its contents to any other
person.
Please notify the sender immediately and delete the e-mail from your
system.
The sender is not responsible for any alterations that may have
occurred without
authorisation. Any files attached to this email will have been checked
by us
with virus detection software before transmission.
You should carry out your own virus checks before opening any
attachments, as we
do not accept any liability for loss or damage which may be caused by
viruses.
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
