[blfs-dev] PAM files for kde-workspace

Armin K. krejzi at email.com
Thu Feb 14 04:36:28 PST 2013

On 02/14/2013 10:16 AM, Ragnar Thomsen wrote:
> I want to discuss the PAM files for kde-workspace. Armin, is there a
> reason that you created the files different from the file for login?
> For example, you use the pam_env.so module in auth instead of session.
> The man page doesn't reveal what the difference is in running this
> module in auth versus session.

First of all, it was mostly a copy of GDM configuration file.

It doesn't matter whether it's session or not - env vars are set either way.

> You use pam_succeed_if.so and not pam_access.so, pam_limits.so and
> pam_faildelay.so.

pam_suceed_if is used to prevent root login via kdm. I don't know what 
pam_access does ... As for pam_limits, I think it should go there ... I 
didn't pay enough attention to that.

> Shouldn't the same modules be used when logging into kdm as when
> logging in with login?

No. pam_motd and pam_mail are useless for display manager but useful 
when loging in via tty.

> Of course for kde-np (passwordless login) the pam_permit.so module
> must be used instead of system-auth.

It's used.

# Begin /etc/pam.d/kde-np

auth     requisite      pam_nologin.so
auth     required       pam_env.so

auth     required       pam_succeed_if.so uid >= 1000 quiet
auth     required       pam_permit.so # HERE IS IT

account  include        system-account
password include        system-password
session  include        system-session

# End /etc/pam.d/kde-np

> - Ragnar -

More information about the blfs-dev mailing list