All,
Working the systemd issue, I ran across a question. Where do you look in the
code TDE or system to find out what is calling/using the files located in
/etc/pam.d? I say that because the only trinity related pam.d file I install is:
/etc/pam.d/trinity
#%PAM-1.0
#auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
Files already existing in pam.d relevant to the trinity file are:
/etc/pam.d/system-local-login
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-login
/etc/pam.d/system-login
#%PAM-1.0
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
However, even after the logind-multiseat-patch, the loginctl show-session
$XDG_SESSION_ID output is still:
NAutoVTs=6
KillExcludeUsers=root
KillUserProcesses=no
IdleHint=yes
IdleSinceHint=0
IdleSinceHintMonotonic=0
InhibitDelayMaxUSec=5s
HandlePowerKey=poweroff
HandleSuspendKey=suspend
HandleHibernateKey=hibernate
HandleLidSwitch=suspend
IdleAction=ignore
IdleActionUSec=30min
PreparingForShutdown=no
PreparingForSleep=no
This suggests to me, that my pam.d setup is not sufficient to enable the
needed user session tracking. Francios pam config is different in several areas
and he has several more pam.d files related to kde/TDE than I do. How do you
tell you setup to use additional files in /etc/pam.d/? Where is the code that
asks to see a file named '/etc/pam.d/whatever' in TDE and how is the name of the
file in /etc/pam.d/foo established? Where is the link between the code and
'foo'? I think that is another area that could be giving all of us without
consolekit issue. Because you are required to register you login and session
with the 'pam stack' and that is where I'm stumbling.
One of the requirements in the
freedesktop.org docs is that you register the
greeter with pam. I don't see that explicitly happening anywhere in
tdm/backend/client.c. The best I can come up with is it should be done with
something like this at about line 1325 in the multiseat patched file:
if ((pretc = pam_misc_setenv( pamh, XDG_SESSION_CLASS, "greeter", 0 )) !=
PAM_SUCCESS) {
ReInitErrorLog();
LogError( "pam_misc_setenv() for %s failed: %s\n",
curuser, pam_strerror( pamh, pretc ) );
return 0;
}
This is similar to an example given by freedesktop for registering the greeter
with pam.
Can someone with more smarts regarding pam give me a little insight into
(1) where the code -> /etc/pam.d/foo file connection is made; and
(2) do you find the greeter being previously registered with pam anywhere else
outside of the consolekit preprocessor directives?
--
David C. Rankin, J.D.,P.E.