[OpenAFS] Making screensaver updating token on solaris
Charles Clancy
security@xauth.net
Tue, 26 Feb 2002 11:11:20 -0600 (CST)
> > > I am wondering how one can make the dtscreen saver from solaris update
> > > the tokens. If this ist not possible: is there a workaround ?
> >
> > The CDE screensaver, dtscreen, is not responsible for actually locking the
> > screen -- it defers to dtsession. Since dtlogin and dtsession can have
> > separate pam.conf entries, I'd suggest the following PAM configuration:
>
> Thank's for the answer. I included these four lines in the pam.conf and deleted the
> old entries for dtlogin and dtsession. Unfortunatelly when I try to login now I spend
> quit a long time in front of a white screen. After a while white changes to black.
I suspect sometime during the login process, dtsession's PAM entries are
referenced. I'm no longer in an AFS environment, so I don't have a test
machine to try it out on, and work out the bugs. I suggest checking the
man pages: dtsession(1X), dtscreen(1X), or docs.sun.com.
My only other suggestion is to use a different screen locker.
/usr/openwin/bin/xlock is out, because it doesn't support PAM.
Xscreensaver is good. Of course, you'd have to instruct your users to
type "xscreensaver-command -lock" rather than clicking the lock icon on
the CDE front panel.
Also, you could switch to Gnome. The HelixCode (or whatever they've
renamed themselves to) distribution works really well under sparc Solaris,
and it comes with xscreensaver. I doubt it's worth completely changing
your users' desktop environment to make a screensaver work better, though.
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy