[blfs-dev] PAM files for kde-workspace
krejzi at email.com
Thu Feb 14 04:36:28 PST 2013
On 02/14/2013 10:16 AM, Ragnar Thomsen wrote:
> I want to discuss the PAM files for kde-workspace. Armin, is there a
> reason that you created the files different from the file for login?
> For example, you use the pam_env.so module in auth instead of session.
> The man page doesn't reveal what the difference is in running this
> module in auth versus session.
First of all, it was mostly a copy of GDM configuration file.
It doesn't matter whether it's session or not - env vars are set either way.
> You use pam_succeed_if.so and not pam_access.so, pam_limits.so and
pam_suceed_if is used to prevent root login via kdm. I don't know what
pam_access does ... As for pam_limits, I think it should go there ... I
didn't pay enough attention to that.
> Shouldn't the same modules be used when logging into kdm as when
> logging in with login?
No. pam_motd and pam_mail are useless for display manager but useful
when loging in via tty.
> Of course for kde-np (passwordless login) the pam_permit.so module
> must be used instead of system-auth.
# Begin /etc/pam.d/kde-np
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth required pam_permit.so # HERE IS IT
account include system-account
password include system-password
session include system-session
# End /etc/pam.d/kde-np
> - Ragnar -
More information about the blfs-dev