The Sun Ray server administrator can allow any valid UNIX user ID which has been added to the utadmin authorized user list to administer Sun Ray services using the Admin GUI. An audit trail of activity on these accounts is provided. The utadminuser command enables you to add existing UNIX users to the utadmin authorized user list.
Authentication for accounts with administrative privileges is based on the PAM authentication framework.
Use the following procedure to configure the Sun Ray Admin GUI
to allow access by the UNIX users in the
utadmin authorized user list instead of the
default admin
account. Once you enable
Admin GUI privileges for authorized users, you can add or
remove users to the utadmin authorized list
to manage access to the Admin GUI.
For each UNIX user that needs authorization to the Admin GUI, add the user to the authorized user list.
# utadminuser -a username
You can run the utadminuser command
without any options to list the current authorized users
or with the -d
option to delete a user.
Modify the /etc/pam.conf
file to use
the other authentication PAM stack
auth entries to create the PAM stack for
utadmingui
# BEGIN: added to utadmingui by SunRay Server Software -- utadmingui utadmingui auth requisite pam_authtok_get.so.1 utadmingui auth required pam_dhkeys.so.1 utadmingui auth required pam_unix_cred.so.1 utadmingui auth required pam_unix_auth.so.1
Make sure to include the comment line, which is needed for the cleanup to work properly.
To limit Admin GUI privileges to the default admin
user,
modify the /etc/pam.conf
file and replace
the PAM stack for utadmingui with the
pam_sunray_admingui.so.1
module.
# BEGIN: added to utadmingui by SunRay Server Software -- utadmingui utadmingui auth sufficient /opt/SUNWut/lib/pam_sunray_admingui.so.1
Make sure to include the comment line, which is needed for the cleanup to work properly.