[LightDM] Building on XStreamOS/illumos
Guido Berhoerster
gber at opensuse.org
Thu Mar 27 03:07:01 PDT 2014
* Gabriele Bulfon <gabriele.bulfon at sonicle.com> [2014-03-27 09:50]:
> Can you send me your log with PAM messages?
PAM policy is configured in /etc/pam.conf, I suppose you haven't
set that up correctly. /etc/pam.d/ where LightDM installs its
policy files is only supported on Solaris > 11.1 and thus does
not work on Illumos. Furthermore you need to adapt the policy
anyways, the existing GDM policy should be a good starting point
to do that.
There are other issues relating to proper Solaris integration as
well, you need to patch in sdtlogin support so that the X server
can safely drop root privileges on login, support logindevperm
for correct device permissions and possibly RBAC in order to
enable shutdown/reboot.
For some pointers have a look at
http://www.x.org/wiki/Events/XDC2012/XDC2012AbstractAlanCoopersmith/SolarisXorgPrivileges.pdf
and the gdm patch sets at
https://hg.openindiana.org/sustaining/oi_151a/spec-files/file/db10202d5f6d
https://hg.java.net/hg/solaris-desktop~spec-files/file/a2add17d60e2
> BTW, is it absolutely necessary to have a lightdm user? I run it as root.
The LightDM daemon runs with root privileges, however the greeter
needs to run as an unprivileged user. Running a user-facing GUI
for authentication with root privileges is just a security
disaster waiting to happen.
Guido Berhoerster (former OpenIndiana JDS maintainer)
More information about the LightDM
mailing list