[PATCH] a library and, uh, a PAM module
William Jon McCann
mccann at jhu.edu
Wed Feb 28 16:44:12 PST 2007
On 2/28/07, David Zeuthen <david at fubar.dk> wrote:
> On Wed, 2007-02-28 at 11:45 +0100, Patrice Dumas wrote:
> > Sounds good. Just one thing, why environment variables and not pam
> > items, for the tty and display? And it would certainly make sense to
> > have those 2 items part of standard pam.
And by "standard pam" you mean... ?
http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
> I thought about that but PAM items are integers and CKCON_TTY and
> CKCON_X11_DISPLAY are somewhat non-standard things... the way PAM works
> is that it sets PAM_TTY to either /dev/tty1 (for e.g. /bin/login) or
> ":20" (for gdm-ish) and that's an accepted convention as far as I
> understand... so using PAM items for this would require patching PAM and
> I don't think this is feasible nor desirable.
And last time I checked openssh sets PAM_TTY to "ssh". Awesome. :)
And for more hilarity check out:
http://www.google.com/codesearch?q=PAM_TTY
> Plus, you really want your login manager to have native ConsolKit
> support (rather than a PAM module) so you can feed in more hints.. this
> PAM module is more of a stop-gap solution because the RH util-linux
> maintainer wanted it that way for /bin/login. Sure, this PAM module
> might be useful too for wdm, kdm but I think the position of the
> ConsoleKit team (or me at least; can't speak for Jon) is that you want
> to call into ConsoleKit from your app... heck, you already have to patch
> e.g. wdm to set/unset these environment variables.
Right. I am completely unconvinced that PAM offers anything at all in
this case. I think it is all a bit silly but we have bigger fish to
fry. It is just another point of failure and a way for sysadmins to
unwittingly make HAL fail - oh well.
Jon
More information about the hal
mailing list