10.2. Kiosk Mode Security and Failover Considerations

Because kiosk mode bypasses the system login mechanism, you must consider the security of the applications added to the user environment. Many custom applications provide built-in security, but applications that do not are not suitable for kiosk mode.

For example, adding an application such as xterm provides users with access to a command-line interface from a kiosk mode session. This access is not desirable in a public environment and is not advised. However, using a custom application for a call center is perfectly acceptable.

In a failover environment, the kiosk mode administrative settings are copied from the primary server to the secondary servers. Be sure that all application descriptors and executable paths added to the kiosk mode sessions are copied across the servers in the failover group. For example, if a Mozilla application is added to the sessions with the executable path /usr/sfw/bin/mozilla, make sure that the path to the binary is available to all servers in the failover group.

One way to ensure that sessions and applications are available on all servers in a failover group is to put them into a shared network directory, which is available on all hosts in the failover group. You can do this through a highly available file share, such as the Oracle Solaris Cluster product.