Dtautologin is an alternative to dtlogin, that automatically starts up a complete CDE session on a workstation console without requiring the session owner to log in and supply a password. It's most useful in secure environments, where only authorized people have access to the console, for monitoring and control applications.
For more information about Dtautologin, see the following topics.
We have a Sparc workstation in our computer room that serves as the serial console for all of our Unix servers. It originally ran Solaris 2.5.1 with CDE, and was recently upgraded to Solaris 8. Each server console appears in a dtterm window on one of several workspaces. Using CDE for this purpose means that somebody has to log in a user on the workstation console after the machine boots, in order to start up all the dtterm windows and other CDE applications. Dtautologin bypasses the CDE login screen, starting up the entire CDE session right after the workstation boots.
I'm now replacing console server with a new machine running Solaris 10, which has the JDS3 desktop, as well as CDE. With JDS3, automatic login can be accomplished in a much nicer way.
The first step is to make gdm the login manager, rather than dtlogin:
# /usr/dt/bin/dtconfig -d # sh /etc/init.d/dtlogin stop # svcadm enable gdm2-login
Now, the file /etc/X11/gdm/gdm.conf needs to be modified to enable automatic login. One way is to make these additions:
This causes an immediate login of the specified user. I decided to do it this way instead:
This adds a 30-second delay to the automatic login, giving time to log in as a different user, if necessary.
In any case, two lines also have to be added to /etc/pam.conf:
gdm-autologin auth required pam_unix_cred.so.1 gdm-autologin auth sufficient pam_allow.so.1
The file /usr/lib/security/pam_allow.so.1 is not currently included with Solaris 10. It can be copied from one of the Nevada releases, for the appropriate platform, and installed in /usr/lib/security.
With these changes, automatic login almost works, but the oper session displays a message saying that the session lasted less than ten seconds. These errors appear in ~oper/.xsession-errors:
/etc/X11/gdm/Xsession: Cannot find Xclients /etc/X11/gdm/Xsession: Setup done, will execute: /usr/bin/ssh-agent -- xsm xsm: No such file or directory
The problem seemed to be that gdm did not select the correct default desktop session, likely because `oper' had never logged in to this machine before. I tried a few changes to /etc/X11/gdm/gdm.conf to correct that, but to no avail. However, creating ~oper/.dmrc with these contents did the trick:
After a 30-second delay, oper is automatically logged in on the graphic console and gets the typical JDS3 desktop for a new user.
Dtautologin is a shell script that runs as root, and provides most of the functions of dtlogin, except that it does not display the greeting screen to authenticate the user. Instead, it runs the CDE session as a preset user, defaulting to oper. It starts the X server on the console, starts fbconsole, and then goes into a loop that runs all the usual CDE configuration scripts and starts the X session. It uses the MIT-MAGIC-COOKIE mechanism to secure the console, and reacts to signals the same way as dtlogin. When the user exits his CDE session, dtautologin starts up another one.
The current release of dtautologin is version 1.2. Source is available as a compressed tar file.
To install dtautologin, just do a `make install', after editing the Makefile to suit your file layout. A startup script is supplied that can be installed in place of /etc/init.d/dtlogin.rc or /etc/init.d/dtlogin. Edit this script to change the location of dtautologin, or the user that owns the CDE session. Run it as root to start or stop dtautologin.
If you have improved or extended dtautologin, please send the details to Gary Mills at the University of Manitoba.
Please send bug reports to Gary Mills at the University of Manitoba.
Don't go here.