Dtautologin: Automatic CDE Session Startup

Dtautologin is an alternative to dtlogin, that automatically starts up a complete CDE session on a workstation console without requiring the session owner to log in and supply a password. It's most useful in secure environments, where only authorized people have access to the console, for monitoring and control applications.

For more information about Dtautologin, see the following topics.


  • Introduction
  • Auto Login for Solaris 10
  • How Dtautologin Works
  • Obtaining the Source
  • Installing
  • Help Wanted
  • Reporting Bugs


    Introduction

    We have a Sparc workstation in our computer room that serves as the serial console for all of our Unix servers. It originally ran Solaris 2.5.1 with CDE, and was recently upgraded to Solaris 8. Each server console appears in a dtterm window on one of several workspaces. Using CDE for this purpose means that somebody has to log in a user on the workstation console after the machine boots, in order to start up all the dtterm windows and other CDE applications. Dtautologin bypasses the CDE login screen, starting up the entire CDE session right after the workstation boots.

    Auto Login for Solaris 10

    I'm now replacing console server with a new machine running Solaris 10, which has the JDS3 desktop, as well as CDE. With JDS3, automatic login can be accomplished in a much nicer way.

    The first step is to make gdm the login manager, rather than dtlogin:

            # /usr/dt/bin/dtconfig -d
            # sh /etc/init.d/dtlogin stop
            # svcadm enable gdm2-login
    

    Now, the file /etc/X11/gdm/gdm.conf needs to be modified to enable automatic login. One way is to make these additions:

            AutomaticLoginEnable=false
            AutomaticLogin=oper
    

    This causes an immediate login of the specified user. I decided to do it this way instead:

            TimedLoginEnable=true
            TimedLogin=oper
    

    This adds a 30-second delay to the automatic login, giving time to log in as a different user, if necessary.

    In any case, two lines also have to be added to /etc/pam.conf:

            gdm-autologin auth  required    pam_unix_cred.so.1
            gdm-autologin auth  sufficient  pam_allow.so.1
    
    

    The file /usr/lib/security/pam_allow.so.1 is not currently included with Solaris 10. It can be copied from one of the Nevada releases, for the appropriate platform, and installed in /usr/lib/security.

    With these changes, automatic login almost works, but the oper session displays a message saying that the session lasted less than ten seconds. These errors appear in ~oper/.xsession-errors:

            /etc/X11/gdm/Xsession: Cannot find Xclients
            /etc/X11/gdm/Xsession: Setup done, will execute: /usr/bin/ssh-agent -- xsm
            xsm: No such file or directory
    

    The problem seemed to be that gdm did not select the correct default desktop session, likely because `oper' had never logged in to this machine before. I tried a few changes to /etc/X11/gdm/gdm.conf to correct that, but to no avail. However, creating ~oper/.dmrc with these contents did the trick:

            [Desktop]
            Session=gnome
    

    After a 30-second delay, oper is automatically logged in on the graphic console and gets the typical JDS3 desktop for a new user.

    How Dtautologin Works

    Dtautologin is a shell script that runs as root, and provides most of the functions of dtlogin, except that it does not display the greeting screen to authenticate the user. Instead, it runs the CDE session as a preset user, defaulting to oper. It starts the X server on the console, starts fbconsole, and then goes into a loop that runs all the usual CDE configuration scripts and starts the X session. It uses the MIT-MAGIC-COOKIE mechanism to secure the console, and reacts to signals the same way as dtlogin. When the user exits his CDE session, dtautologin starts up another one.

    Obtaining the Source

    The current release of dtautologin is version 1.2. Source is available as a compressed tar file.

    Installing

    To install dtautologin, just do a `make install', after editing the Makefile to suit your file layout. A startup script is supplied that can be installed in place of /etc/init.d/dtlogin.rc or /etc/init.d/dtlogin. Edit this script to change the location of dtautologin, or the user that owns the CDE session. Run it as root to start or stop dtautologin.

    Help Wanted

    If you have improved or extended dtautologin, please send the details to Gary Mills at the University of Manitoba.

    Reporting Bugs

    Please send bug reports to Gary Mills at the University of Manitoba.

    Don't go here.