The Sun Ray server administrator can allow any valid UNIX user ID, which has been added to the utadmin authorized user list, to administer Sun Ray services using the Admin GUI. An audit trail of activity on these accounts is provided. The utadminuser command enables you to add existing UNIX users to the utadmin authorized user list.
Authentication for accounts with administrative privileges is based on the PAM authentication framework.
Use the following procedure to configure the Sun Ray Admin GUI
to allow access by the UNIX users in the
utadmin authorized user list instead of the
default admin
account. Once you enable
Admin GUI privileges for authorized users, you can add or
remove users to the utadmin authorized list
to manage access to the Admin GUI.
For each UNIX user that needs authorization to the Admin GUI, add the user to the authorized user list.
# utadminuser -a username
You can run the utadminuser command
without any options to list the current authorized users
or with the -d
option to delete a user.
Add the following auth entries to the /etc/pam.d/utadmingui
file:
#%PAM-1.0 # BEGIN: added to utadmingui by SunRay Server Software -- utadmingui auth include system-auth # END: added to utadmingui by SunRay Server Software -- utadmingui
Make sure to include the comment lines, which are needed for the cleanup to work properly.
To limit Admin GUI privileges to the default admin
user,
replace the PAM
entries in the /etc/pam.d/utadmingui
file with the
pam_sunray_admingui.so.1
module.
# BEGIN: added to utadmingui by SunRay Server Software -- utadmingui auth sufficient /opt/SUNWut/lib/pam_sunray_admingui.so.1 # END: added to utadmingui by SunRay Server Software -- utadmingui
Make sure to include the comment lines, which are needed for the cleanup to work properly.