Damon Getsman skrev:
I am currently administering a Sun Ray cluster utilizing SRSS for a
WAN with approximately 40 users. I hope you will forgive me for my
neophyte level of knowledge on this setup. Their desktops are all
GNOME 2.22, and the cluster is set up to allow their access with
individual smart cards.
I have had a problem described to me for a project by the
administrator who is still training me on the admin of this system, as
my previous knowledgebase is basically all networked linux PC
administration. The problem is, as I have been told, an issue with
the enlightened sound daemon when the users login multiple times at
once
Of course there is problems if you use the same login account
simultaneously
by several individuals.
1) Your Audit Trail becomes utterly useless. You wont be able
to tie an action to a unique
individual.
2) Security becomes a nightmare. People is careless with
protecting their passwords because -
everyone knows them anyway.
3) Unix was not designed for this purpose .
4) Gnome was not designed to do this.
Gnome creates multiple sockets in /var/tmp that connects
the gnome system to the
devices it is attached to. This setup is supposed to be one
user to one set of devices for each login ID.
(I'm not even sure how this is possible with smart card logins;
I'm just running with what I've been told at this point). There are
three servers which the user logs into from the various terminals.
Evidently they are set up to round-robin the resources. Anyway, when
a user is logged into all three machines and attempts another login,
obviously it goes back to the first server in the list. When this
happens, the /tmp/.esd socket and/or lockfiles prevent sound
capability from the most recently authenticated terminal.
I was wondering if this is a common setup and if there are any
resources that I can use to try to find information on this setup to
fix the issue. I could write a python script to be invoked at some
point while gdm is starting up, but I'd like to find a fix that isn't
as kludgy, if at all possible.
NO dont try that - fix the root cause of the problem. If you have
an application with
only a common login for all users. It should be reinvented.
This old style app will never make it through any kind of Security
Audit.
You simply got to know, Who made what at which point in time.
Being as I'm going to be administering this system for some time in
the future, I'm also interested in any resources you could point me at
that would be relevant to this sort of setup. I haven't had much luck
finding documentation on the sun website relevant as of yet.
Thank you for your time and help. :)
-Damon Getsman
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
