Changes

Sun Ray

345 bytes added, 10:36, 25 August 2009
Security and Encryption: update with info about icons
"Server authentication" is enabled. While we're not really sure how it works, it theoretically makes the connection process less vulnerable to a man-in-the-middle attack. Even if it doesn't actually help, turning it on doesn't degrade performance, and connecting DTUs show a green check instead of a red X, which is more reassuring for users to see.
Only authorized and registered DTUs and smart cards can connect to the TJ Sun Ray network. If an unauthorized DTU or smart card attempts to connect, you will see either of two icons:*"Do Not Enter" icon, similar to the one found on traffic signs (pre-SRSS 4.2)*A smart card with an X, icon code 48 (SRSS 4.2 and later)See "SRSS Troubleshooting Icons" link at the bottom of this page for images (only the new one will be available). Starting with the next release of Sun Ray Software (currently in beta testing), "client authentication" is available and is enabled by default.
By secure design, Kerberos tickets and AFS tokens always expire after a set amount of time, usually less than one day from when they were obtained or renewed. This may cause issues for users that do not log out at the end of the day. Without valid non-expired AFS tokens, you cannot read or write your own home directory, which will effectively end up dead-locking your session, requiring it to be hard terminated. To avoid this, users will need to do at least one of the following: