per seat hardware and login managers
William Jon McCann
mccann at jhu.edu
Mon Mar 19 13:04:48 PDT 2007
Hi,
While patching pam thinkfinger [1] to work without root privilege I
realized that there is a use case for per seat hardware beyond the
typical multi-seat case. I think it is worth discussing how we expect
to handle it.
In brief, the case is this:
* Computer A has a biometric/fingerprint/smart card device. It has
PAM configured to allow authentication by this device.
* Computer B connects to Computer A via XDMCP (or other means).
* The login manager (GDM/login/etc) on Computer A displays a login
prompt to Computer B.
* The user at Computer B does not have physical access to the
hardware of Computer A.
And the specific question is: How should a PAM module running on
Computer A know what "seat" it is attached to?
And the reason why this is a slightly different question than (after
login) what seat does the new session belong to is that at the moment
login managers do not run in a session and the resulting user session
is created after authentication.
The answer will also be relevent to how we might run things like
gnome-power-manager while a login manager is running.
One possible solution is to run the login manager in its own (possibly
special) session.
Thoughts?
Jon
[1] http://thread.gmane.org/gmane.linux.drivers.thinkfinger/328
More information about the hal
mailing list