Another AMGH update regarding usernames which can't be overridden

Due to popular demand, I just added this section to the "AMGH HOW-TO Guide":

An unsupported way to make the "username" non-overridable


Today, the username returned by the API can be overridden by the Display Manager (e.g. dtlogin's "Start Over" button). Some customers would like this setting to be a sort of "security" feature that cannot be overridden by the user, rather than a "convenience" feature as it exists today. In future, we may add such a feature to the product. There is, however, an unsupported way to deal with this today for non-NSCM logins: edit /etc/pam.conf and remove the clearuser option from the pam_sunray_amgh.so module. This is not officially supported because it has not been tested by our Quality Assurance team, but it has been known to work for some customers. There is no similar recourse for NSCM logins today: the "Start Over" button will clear the preset login name returned by AMGH.
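One way to script the edit described above so that only active pam_sunray_amgh.so entries lose clearuser and the result can be reviewed before it replaces /etc/pam.conf. This is an added example, not part of the original guide; the sample entries are constructed, and the pam.conf field layout and the AWK variable are assumptions.

```shell
# Added example. Assumes pam.conf field order:
#   service  module_type  control_flag  module_path  [options...]
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); legacy /usr/bin/awk is too old.
AWK=${AWK:-awk}

# Print FILE with "clearuser" dropped from active pam_sunray_amgh.so entries.
# Comments, other modules and unchanged lines pass through byte-for-byte.
strip_clearuser() {
    "$AWK" '
        /^[ \t]*#/ { print; next }
        /pam_sunray_amgh\.so/ {
            out = ""; changed = 0
            for (i = 1; i <= NF; i++) {
                if (i > 4 && $i == "clearuser") { changed = 1; continue }
                out = (out == "" ? $i : out " " $i)
            }
            print (changed ? out : $0); next
        }
        { print }
    ' "$1"
}

# Count active pam_sunray_amgh.so entries that still carry clearuser.
count_clearuser() {
    "$AWK" '
        !/^[ \t]*#/ && /pam_sunray_amgh\.so/ {
            for (i = 5; i <= NF; i++) if ($i == "clearuser") { n++; break }
        }
        END { print n + 0 }
    ' "$1"
}

# Constructed sample input; service and module names other than
# pam_sunray_amgh.so are placeholders, not a real Sun Ray configuration.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample
dtlogin-SunRay auth requisite pam_sunray_amgh.so clearuser
dtlogin-SunRay auth required pam_unix_auth.so.1
#dtlogin-SunRay auth requisite pam_sunray_amgh.so clearuser
other auth required pam_example.so clearuser
EOF
}

# Demo: write an edited copy next to the sample and show what would change.
sample=$(mktemp) && make_sample "$sample" && strip_clearuser "$sample" > "$sample.new"
diff "$sample" "$sample.new" || true    # diff exits 1 when the files differ
rm -f "$sample" "$sample.new"
```

Run strip_clearuser against a copy of /etc/pam.conf, review the diff, and keep the original as a backup before installing the edited file.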

Comments:

"no similar recourse for NSCM logins"... I'm not sure that you'd ever need that kind of setting for NSCM, would you? I'm trying to think of a scenario where you would need to pre-fill a user name when there is no card inserted. Good stuff as always, Bob.

Posted by bhlackey on March 13, 2007 at 02:26 AM EST #

I could imagine the NSCM scenario. Maybe people have fixed offices and don't use smart cards. Wouldn't it be cute to pre-fill the user name for them? Maybe prevent others from logging in on their Sun Rays? If you prevent smart card policy you have basically a secure, single-user terminal that has to be authenticated by the proper user before use.

Posted by guest on March 13, 2007 at 05:28 AM EST #

I could imagine the NSCM scenario. Maybe people have fixed offices and don't use smart cards. Wouldn't it be cute to pre-fill the user name for them? Maybe prevent others from logging in on their Sun Rays? If you prevent smart card policy you have basically a secure, single-user terminal that has to be authenticated by the proper user before use.

Posted by bobd on March 13, 2007 at 05:30 AM EST #
