Proposing to host system-auth-agent in fdo

Mark McLoughlin markmc at redhat.com
Wed Oct 13 20:34:50 EEST 2004


Hi,

On Wed, 2004-10-13 at 13:59, William Jon McCann wrote:
> Hi Carlos,
> 
> First, it is great that you are working on this problem.
> 
> Carlos Garnacho wrote:
> > Why not sudo?
> > =============
> 
> How does your tool compare to console-helper [1]?  They seem to cover 
> the same ground.

	console-helper itself is nice in that you can have applications be run
as root by making console-helper authenticate the user using PAM and
then launch the application.

	However, the real power of this is when you combine console-helper with
two PAM modules - pam_console and pam_timestamp.

	pam_console does two things - a) determines if the user is logged in at
the console and authenticates the user for the service if so and b)
changes certain device permissions when you log in at console.

	pam_timestamp allows you to cache a successful authentication attempt
for a certain time period (I think it's 5 minutes) so you don't have to
re-authenticate.

	Things like system-config-time use pam_timestamp so that the first
time you need to type in the root password, but don't have to do it
again within the next five minutes. reboot/halt uses pam_console so that
if you're logged in at console you can reboot or halt the machine.

Cheers,
Mark.
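
An added illustration, not part of the original message and not the files shipped by any distribution: two constructed PAM service files laid out the way the message describes, one caching a successful authentication with pam_timestamp and one gating on console login with pam_console. The service names `example-config-tool` and `example-reboot` and the `system-auth` include target are assumptions.

```conf
# --- /etc/pam.d/example-config-tool (hypothetical service, constructed) ---
# Pattern: prompt for the password once, then reuse the cached result.

# root running the helper is never prompted.
auth       sufficient   pam_rootok.so
# Succeeds without a prompt while a valid timestamp exists.
# timestamp_timeout is in seconds; 300 is the module default.
auth       sufficient   pam_timestamp.so timestamp_timeout=300
# No valid timestamp: fall through to the normal password stack
# (assumes a system-auth service file exists on this host).
auth       include      system-auth
account    required     pam_permit.so
session    required     pam_permit.so
# Creates or refreshes the timestamp after a successful authentication.
session    optional     pam_timestamp.so

# --- /etc/pam.d/example-reboot (hypothetical service, constructed) ---
# Pattern: no password at all, but only for a user logged in at the console.

auth       sufficient   pam_rootok.so
# Succeeds only when the invoking user is logged in at the console.
auth       required     pam_console.so
account    required     pam_permit.so
```

Lowering `timestamp_timeout` shortens the window during which the helper runs without a prompt.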



