Joerg, Thanks very much for the explanation. I will pursue a solution based on kiosk and x11vnc rather than alias tokens. (I wasn't actually thinking about the native display manager brokering the multiplexed sessions, but relying on x11vnc to do the multiplexing.)
I'm not sure how it would be a security issue, however. As I explained, and assuming it could be implemented, it would be enabled only by tweaking an auth.props variable, and only for alias tokens, which must be setup by the administrator. This actually seems more secure than full control shared access via x11vnc. Thanks again, Bill -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joerg Barfurth Sent: Monday, May 18, 2009 5:34 PM To: SunRay-Users mailing list Subject: Re: [SunRay-Users] session access from two locations? Quayle, Bill schrieb: > I’m trying to leverage the RemoteControl Toolkit to provide the > capability to use alias tokens concurrent access to a session. I > have modified the remoteagent script to launch vncviewer if it finds > a /tmp/RemoteControl/user-name.agent.settings.vnc file (instead of > rm’ing the file). I’ve also tweaked the script to store a copy of > the vnc full-control password similar to what the Control script > does, which it will use in launching vncviewer. > > This all seems after-the-fact, however, as it seems utauthd will not > allow two concurrent connections. > This is not only utauthd. utauthd prevents this for good reason, as the rest of the Sun Ray server also isn't equipped to multicast output to multiple clients, to multiplex input from multiple clients and to manage session lifecycle under multi-client (for a single session) scenarios. [...] > Is there any way to tell utauthd to change this – to allow the second > connection and not do the DISCONNECT & DESTROY? > No. And the result wouldn't work - and would probably be a security nightmare otherwise. > If I am correct - that this change would make this work - but would > require a code change to utauthd, I will submit this as an > enhancement request. It seems this would work quite well for > classroom situations, as well as providing a seamless disaster > recovery mechanism using the Sun Ray technology. I imagine this > would not be the default behavior, but would be selectable via an > auth.props parameter (as I originally stated) allowing alias tokens > access to existing sessions. > AFAICT there is much more to it than utauthd. - Jörg _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
