...
Changes For Shared Network Home Directories
- DESUPPORT GNOME Bonobo components from one login session will not be reused in another login session because they may not have access to the same tickets and tokens. There is similar isolation for gconfd-2 for the same reason.
- Users can log in simultaneously from multiple machines without running afoul of GNOME software locks in the home directory.
- DESUPPORT If a user's home directory is unavailable upon login, a temporary homedir will be created on local disk and used instead.
- DESUPPORT Users can log in with "ignore customizations" or in terminal mode to repair severely broken dotfiles.
- DONE User processes generated by Athena software components do not stick around after the user logs out. On cluster machines, user processes are forcibly killed after the user logs out.
- Athena machines have a screensaver which accepts a Kerberos password to unlock and which allows the user to be logged out after a set time.
- DONE GNOME won't display a dialog about changes in X keyboard settings from one login to another, since the same account is used on multiple machines.
- DOCUMENT Basic GNOME functions will work when the user's home directory is inaccessible (such as when the user's AFS tokens have expired) or is over quota.
- GNOME's trash handling has fixes for Athena home directories.
- DONE Users receive warning dialogs when Kerberos tickets are about to expire.
- DONE Users receive warning dialogs at login time when their homedir or mail quotas are approaching full.
...
Current solution: The athena-ORBit2 and athena-ORBit packages are locally modified to honor the ATHENA_SESSION_TMPDIR variable and use that instead of /tmp/orbit- for ORBit communication files. The Xsession script in athena-dotfiles creates a temporary directory (using a shell script named mksessiondir included in the same package) and sets ATHENA_SESSION_TMPDIR to point to it. This serves to create a separate universe of ORBit-enabled applications (including Bonobo components) for each login session. A similar local modification exists for athena-GConf2 and athena-GConf.
Planned solution: Bonobo components or gconfd daemons can most easily be reused if they erroneously persist beyond logout, but they can also be reused in other cases. For example, someone could have logged in remotely to an Athena machine from elsewhere, run a GNOME program such as Evolution, and left the login session around (with expired tickets and tokens) before attempting to log in locally. Although the corner cases may be rare enough to warrant moving this to the low-priority list, nothing appears to have removed the need for this feature. There is upstream support in GNOME for environment variables to specify these directories, but those features are not in the Hardy versions. We will have to use the framework for modifying Debian packages to enable this, although we can ignore the GNOME 1 libraries.
Status: Not Done.
Desupport this change. Processes persisting past logout is largely not an issue in Athena 10 (especially on cluster machines), and solving the remaining cases is not worth the penalty of changing an upstream Ubuntu package.
It's worth noting that upstream GNOME source code implements the ORBIT_SOCKETDIR and GCONF_TMPDIR environment variables, which would allow us to solve this problem through setting environment variables in debathena-xsession. Unfortunately, this code is not in Ubuntu Hardy, but it's a consideration for the future.
Status: DoneMilestone: Cluster (three days).
...
| Anchor | ||||
|---|---|---|---|---|
|
Feature: Users can log in simultaneously from multiple machines without running afoul of GNOME software locks in the home directory.
...
- If a .tcshrc file is present in a user's home directory, it will be executed instead of .cshrc; this is the standard tcsh behavior. In Athena 9.4 it is executed in addition to .cshrc.
- If you log in and use GNOME processes twice on the same machine (e.g. using ssh with X forwarding for one of the login sessions), the later session may reuse gconfd2 or Bonobo components from the former one, which can break ungracefully if the former session's tokens have expired. In Athena 9.4 we made local changes to the GNOME source code to prevent this possibility.