[patch] Auth method for console users

Colin Walters walters at verbum.org
Mon Sep 27 15:16:31 UTC 2004


On Mon, 2004-09-27 at 16:02 +0200, Kay Sievers wrote:

> What about renaming it to _dbus_user_local_user() and search the logins
> with getutent(). If host = "", it should be a local user :)

Sounds bad to me; someone could log in via ssh from anywhere, and then
ssh to localhost, and then I think their second ssh session would be a
"local login".  The idea with Fedora's pam_console is it should mean
that the user has physical access to the machine. 

I don't think DBus can really be a generic authentication library -
probably HAL will just have to duplicate the code for checking console
access inside a #ifdef HAVE_PAM_CONSOLE or something.  On SuSE they will
probably want to patch it to use resmgr, etc.

> Sure, it's not nice, but may work on much more systems.
> 
> We do a similar hack in udev, look for: 
>   set_to_local_user(char *user) in
>   http://linuxusb.bkbits.net:8080/udev/anno/udev-add.c@1.73?nav=index.html|src/

It's a bit unclear to me what the security relevance of that is - what
additional privileges does a "local" user have for udev?



