Difference: APPXLoginManagerForUnixLinux (66 vs. 67)

Revision 672016-03-03 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Login Manager For Unix/Linux

This page describes how to install the APPX Login Manager command and how to use it to install, configure, and manage APPX Login Services on Unix/Linux systems.

Changed:
<
<

>
>

  The APPX Login Manager command is used to configure and manage APPX Login Services.
Line: 301 to 300
 -ServerPrivateKeyPassphrase=PASSPHRASE
This option is not needed and has not been implemented.
Added:
>
>
-UseOldSSLcert={true,false}
Forces the login manager to use pre 5.4.4 certificates. This allows older clients to connect to 5.4.4 and up (5.4.4 & up login manager only).
 

Configuration - Environment Variables

VARIABLE=VALUE
You can include a space-separated list of environment variables at the end of the command line when you use the -install option. These environment variables will be saved in the env file that is created and will be given to the environment of the appx sessions that are started by the Login Manager. Note that when specifying variables on the command line, you do not prefix them with a dash if you are referring to environment variables.
Line: 601 to 598
 To turn off the setuid bit, chmod u-s ../appx
Changed:
<
<

Issues:

  1. The stop option of the Red Hat service command has a problem. It does seem to remove the running process; however, it produces errors. Further, it fails to remove the PID from the (/var/run/appx-8060.pid)
    /etc/init.d/appx-8060: line 39: success: command not found
    /etc/init.d/appx-8060: line 39: failure: command not found
    /etc/init.d/appx-8060: line 43: failure: command not found
  2. The setuid warning message is displayed every time a configuration is loaded or saved. This results in the message being displayed up to three times depending on the command being executed. Perhaps it should only be displayed when a configuration is saved.
  3. The setuid warning indicates that it is triggered by the OSUser <nop>AuthenticationMethod. <nop>AuthenticationMethod is not influenced by the setuid bit being turned on. However, <nop>ImpersonateUser is impacted.

Enhancement Suggestions:

  1. To match the Windows platform, he following should be valid syntax: "appxLoginMgr -install". It should default to port 8060, or the Windows platform should not default to port 8060.
  2. In an effort to make appxdsvc and uappxd (appxLoginMgr) as similar as possible, consider allowing -status as a single argument that would list all appxLoginMgr daemons. (Perhaps this isn't practical on Unix platforms)
  3. APPX_KEYMAP environment variable should be initialized upon default install options. Currently "appxLoginMgr -install -SockPort=8060" does not place APPX_KEYMAP into appxLoginMgr-8060.env.
  4. appxLoginMgr should create .ini and .env files in the tools subdirectory, and not in the current working directory.
  5. The appxLoginMgr -replace argument should require the -ServiceName option, and not assume <nop>ServiceName =appx-8060.
  6. The requirements for use of -name argument seem inconsistent. Below are examples where + works, and - does not.
    1. (-) ./appxLoginMgr -modify appx-8060 -TCPNodelay=false

    2. (+) ./appxLoginMgr -modify -name=appx-8060 -TCPNodelay=false
    3. (-)./appxLoginMgr -status
    4. (+)./appxLoginMgr -status -name=appx-8060
    5. (+) ./appxLoginMgr -stop appx-8060
    6. (-) ./appxLoginMgr -stop -name=appx-8060
    7. (+) ./appxLoginMgr -start appx-8060
    8. (-) ./appxLoginMgr -start -name=appx-8060
    9. (-) ./appxLoginMgr -remove appx-8060
    10. (+) ./appxLoginMgr -remove -name=appx-8060
    11. (-) ./appxLoginMgr -status
    12. (+) ./appxLoginMgr -status appx-8060
    13. (+) ./appxLoginMgr -status -name=8060
  7. Warn users not to move configuration files. A service script is created in the /etc/init.d system directory for each service installed by running the appxLoginMgr command. These scripts reference the corresponding service configuration files using a fully qualified absolute pathname. If you move the configuration files to another directory or rename them, the service scripts will no longer work. We should probably warn via screen notice on service creation, and document inside the .ini and .env files that if the .ini, .env and appxLoginMgr/appxAuditLogger are move or renamed, then the /etc/init.d system startup script will fail to work. The service scripts also reference the appxLoginMgr command using a fully qualified absolute pathname.

  8. RequireSSL is not a valid parameter and should be removed from the configuration file.

  9. RequireSSLClientCertificates is not a valid parameter and should be removed from the configuration file.

  10. ServerPrivateKeyPassphrase is not a valid parameter and should be removed from the configuration file.

>
>

 

Reconnect Feature (5.3 & up)

A new connection manager allows a user to reconnect to dropped sessions.

Line: 685 to 655
  Attach - This button is only enabled if your login manager has been configured to allow reconnections, in which case the Workstation IDs will be 'PIPE' as in the example above. The second session (on /dev/pts/1) is a character mode session, which you cannot Attach to. If your login manager is not configured for reconnections, then the Workstation ID will be either an IP address (for GUI connections) or a /dev/ address for a character mode connection. Since an APPX System Administrator will see all running sessions, they can Attach to any user's session. A new window will open on the Administrators desktop, and the client window on the users desktop will close (when they attempt to use their session). A non Administrator will only see their own sessions, and therefore can only Attach to their own session.
Changed:
<
<
Kill - This will attempt to cancel the selected session. This will only be successful if you have sufficient O/S permissions to allow it, i.e., you have Administrator level or you are cancelling one of your own sessions. See .UTIL KILL SESSION for more information.
>
>
Kill - This will attempt to cancel the selected session. This will only be successful if you have sufficient O/S permissions to allow it, i.e., you have Administrator level or you are cancelling one of your own sessions. See .UTIL KILL SESSION for more information.
  Exit - This will exit the session manager without logging in to APPX.
Changed:
<
<
>
>

Issues:

  1. The stop option of the Red Hat service command has a problem. It does seem to remove the running process; however, it produces errors. Further, it fails to remove the PID from the (/var/run/appx-8060.pid)
    /etc/init.d/appx-8060: line 39: success: command not found
    /etc/init.d/appx-8060: line 39: failure: command not found
    /etc/init.d/appx-8060: line 43: failure: command not found
  2. The setuid warning message is displayed every time a configuration is loaded or saved. This results in the message being displayed up to three times depending on the command being executed. Perhaps it should only be displayed when a configuration is saved.
  3. The setuid warning indicates that it is triggered by the OSUser AuthenticationMethod. AuthenticationMethod is not influenced by the setuid bit being turned on. However, ImpersonateUser is impacted.
 

Comments:

Read what other users have said about this page or add your own comments.


Changed:
<
<

<--/commentPlugin-->
>
>

<--/commentPlugin-->
 
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback