On 05/27/09 07:47, peter_blatherw...@mitel.com wrote:
Hello Wouter all,
Yes, this is a known SRSS behaviour. When policy is switched from
access = all to/from access = registered-token-only, the format provided
by $SUN_SUNRAY_TOKEN changes, for the very same user / card ID, as you
point out. The user.xxxx format is the logical token ID, whereas the
other is the actual card ID.
Adding to the fun, we have also found that the *value* generated for the
logical token can be different from different Sun Ray Servers, say
servers that are not in a SRSS Failover Group. This in turn means that
not only is the format different, but different IDs are presented to
represent the same user -- no end of grief can come from that. And, i
believe if you switch to/from registered-token-only and back again, the
value generated for the logical token can even change on the same Sun
Ray Server. Using card id format (access = all policy) suffers none of
these issues.
(I would argue this behaviour is not a good thing, but that's just my
humble opinion. ;-)
I happen to agree. I believe we should have done a transparent
registered mode, where the token is not translated, just registered,
years ago. The "user.xxx" tokens are useless, if not worse, given the
deficiencies you cite.
Kent
_______________________________________________
SunRay-Users mailing list
SunRay-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
