000018308 - How to configure XWindows CDE login (dtlogin) for ACE/Authentication on Solaris 2.6

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000018308
Applies To: RSA ACE/Server
Sun Solaris 2.6
Issue: How to configure XWindows CDE login (dtlogin) for ACE/Authentication on Solaris 2.6
The user logs in with the standard CDE login and is prompted in an xterm window for a PASSCODE. After entering the correct PASSCODE, the user is logged out and presented with the CDE login again.
Cause: The CDE login mechanism used on Solaris changes between versions, and it is not obvious which files need modifying.
Resolution: On Solaris 2.6, the default flow of a login is as follows:

1. The user logs in

2. /usr/dt/config/Xconfig is read by dtlogin

3. /usr/dt/config/Xstartup executes as 'root'

4. /usr/dt/config/Xsession.ow executes as the user

5. /usr/dt/bin/Xsession executes as the user and sends log info to ~<user>/.dt/startlog

In step 5, the shell field of the /etc/passwd file is checked for a valid shell (such as csh, sh, ksh etc). If the user is protected by SecurID, then this field must say 'sdshell'. This is the reason the ACE/Server installation documentation advises the following:

For each session file on the system, perform the following step:

At the beginning of the file or before execution of any kind of
terminal-emulating X client program, add the following lines to add
a reference to the user's default shell as defined in the
RSA ACE/Server database:

        TESTSHELL=`ACEPROG/sdfindshell`
        if [ -n "$TESTSHELL" ] ; then
                SHELL=$TESTSHELL ; export SHELL
        fi

Looking in /etc/passwd is no use because the shell field there says 'sdshell'; instead, this code talks to the ACE/Server for the user and retrieves the UNIX shell field.

The important factor to note is that this piece of code cannot be put into the Xconfig file since it is run by root. It must be put in Xsession.ow.

CDE has many configuration files and different users may have different sequences of startup. There may be other Xsession files that need to be altered as well as Xsession.ow. It may prove useful to look in the user's home directory at ./.dt/startlog to see what is happening.

NOTE: The files in /usr/dt/config are templates provided by Sun. It is usual to copy all the files to /etc/dt/config. Then, customizations are made to these files, leaving those in /usr/dt/config untouched.
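
An added example, not part of the RSA article or the ACE/Server product: a small sh audit that lists accounts whose /etc/passwd shell is sdshell and flags Xsession* files in a CDE config directory that have no uncommented sdfindshell reference. The function names, the sample accounts, the sample sdshell path and the Xsession.custom file are constructed for illustration; the check assumes the stanza can be recognised by the string sdfindshell.

```shell
#!/bin/sh
# Added example (not RSA code): audit CDE session files for the sdfindshell stanza.

# Login names whose shell (7th passwd field) is sdshell, with or without a path.
sdshell_users() {
    awk -F: '$7 == "sdshell" || $7 ~ /\/sdshell$/ { print $1 }' "$1"
}

# Xsession* files in directory $1 with no uncommented sdfindshell reference.
sessions_missing_stanza() {
    for f in "$1"/Xsession*; do
        [ -f "$f" ] || continue
        grep -v '^[[:space:]]*#' "$f" | grep sdfindshell >/dev/null || echo "$f"
    done
}

# Constructed sample data written under directory $1 (all values illustrative).
make_sample() {
    mkdir -p "$1/config"
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
alice:x:100:10::/home/alice:/sample/ace/prog/sdshell
bob:x:101:10::/home/bob:/bin/ksh
EOF
    cat > "$1/config/Xsession.ow" <<'EOF'
#!/bin/ksh
TESTSHELL=`ACEPROG/sdfindshell`
if [ -n "$TESTSHELL" ] ; then
        SHELL=$TESTSHELL ; export SHELL
fi
EOF
    # Stanza present but commented out, so this file should be flagged.
    printf '#!/bin/ksh\n# TESTSHELL=`ACEPROG/sdfindshell`\n' > "$1/config/Xsession.custom"
}

# Usage on a real host: audit /etc/passwd /etc/dt/config
audit() {
    echo "SecurID-protected accounts:"; sdshell_users "$1"
    echo "Session files lacking sdfindshell:"; sessions_missing_stanza "$2"
}
```

Any file the audit flags is a candidate for the stanza above if a SecurID-protected user's login sequence passes through it; the user's ~/.dt/startlog shows which session files actually ran.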
Legacy Article ID: 6.0.3197053.2905268
