[systemd-devel] Some questions on userdbd and providing a compatible service

Dominik George nik at naturalnet.de
Thu Nov 24 13:26:24 UTC 2022


Hi,

> how do you intend to support getty logins, i.e. non-graphical
> text-based only logins, where you cannot just open a webbrowser? oidc
> device flow?

Exactly.

> That's tough. PAM has a lot on implicit and explicit state attached to
> the PAM handle... And you can have PAM conversations and so on
> (i.e. prompting arbitrary questions) which makes PAM compat really
> really messy...

I know. But that's an issue of PAM, not of talking to a Varlink
API. Talking to a remote API will IMHO improve this a lot for my use
case – imagine spawning a sandboxed webbrowser in a display manager
from the single-threaded non-reentry-safe context of a PAM
conversation. Asking an external daemon to handle that and jsut keep
polling it for a result seems much more reasonable.

-nik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 297 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20221124/b4f1ec28/attachment.sig>


More information about the systemd-devel mailing list