Kiosk mode can be enabled as the default session type for smart card users, non-smart card users, or both. When kiosk mode is enabled for a class of tokens, this choice can be overridden for individual tokens. For example, when kiosk mode is enabled for card users, regular non-kiosk session access can be configured for individual cards. Alternatively, a kiosk session other than the default kiosk session can be configured for individual tokens. Enabling and disabling kiosk mode for individual tokens is described in Section 10.9, “How to Override the Default Kiosk Mode Policy”.
Before enabling kiosk mode, you must configure the kiosk mode user accounts.
Kiosk mode functionality can be enabled and disabled from the System Policy section of the Advanced tab, which provides options to enable kiosk mode for smart card users, non-smart card users, or both.
Become superuser on the Sun Ray server.
Enable a kiosk mode through the utpolicy -k command.
The following options determine whether access to the Sun Ray server is granted to certain tokens:
-z both/pseudo/card
or
-r both/pseudo/card [-s both/pseudo/card]
The -k both/pseudo/card
option determines
whether some or all of the granted sessions are kiosk
sessions.
# /opt/SUNWut/sbin/utpolicy -a -M -s both -r both -k both
All users are directed to kiosk sessions.
# /opt/SUNWut/sbin/utpolicy -z card -k card
All sessions are in kiosk mode and available only to smart card users unless you specify overrides.
# /opt/SUNWut/sbin/utpolicy -a -M -s both -r both -k card
Only smart card users are directed to kiosk sessions.
# /opt/SUNWut/sbin/utpolicy -a -s both -r both -k pseudo
Only non-smart card users are directed to kiosk sessions.
# /opt/SUNWut/sbin/utpolicy -z both -k pseudo
Smart card sessions are non-kiosk (ordinary login) sessions. Non-smart card sessions are kiosk sessions.
# /opt/SUNWut/sbin/utpolicy -r card -z pseudo -k pseudo
Non-kiosk smart card sessions are allowed only for registered tokens. Non-smart card sessions are kiosk sessions.
# /opt/SUNWut/sbin/utpolicy -r both -s both -k card
Smart card sessions are kiosk sessions, non-smart card sessions are non-kiosk (ordinary login) sessions. Users can self-register smart card tokens and clients.
# /opt/SUNWut/sbin/utpolicy -z card -k card
All sessions are in kiosk mode and available only to smart card users unless you specify overrides.
If Kiosk mode is enabled for smart card and/or for non-card sessions, then disabling Kiosk mode (using utconfig -u -k) also disables the Kiosk policy.
This behavior may be surprising in a failover group, where the Kiosk policy is disabled for the entire group when Kiosk Mode is unconfigured on any server in the group.
Before unconfiguring Kiosk Mode on any host in a failover group, disable the Kiosk policy, and perform a cold restart of the server group.
To perform maintenance tasks on Kiosk user accounts without unconfiguring Kiosk Mode completely, use the /opt/SUNWkio/bin/kioskuseradm tool instead of utconfig.