Randy McMurchy wrote: > > Just for my FYI, (and sorry for not being able to answer this myself > due to no time for recent BLFS), what does having X installed do to > a Linux-PAM build? > > I've always installed cracklib/PAM/Shadow before X so I cannot say > or determine what may or may not be different. >
Yes, it's a reciprocal dependency. Proper order is as you have it but later to rebuild Linux-PAM. I hadn't quite figured out what to do with su and sudo yet. Wasn't sure if requisite would fail if the module didn't exist, but optional seems to be the appropriate control in this situation anyway (since we don't know if it exists). I was just over thinking it I guess. I'll get /etc/pam.d/su updated in a sec. Anyway, to directly answer your question, it provides pam_xauth which IIUC creates $XAUTHORITY for the target user with the current xauth session key for use with su (and later, for sudo when /etc/pam.d/su is copied). From the modules/pam_xauth/README file: pam_xauth — PAM module to forward xauth keys between users -------------------------------------------------------------------------- DESCRIPTION The pam_xauth PAM module is designed to forward xauth keys (sometimes referred to as "cookies") between users. Without pam_xauth, when xauth is enabled and a user uses the su(1) command to assume another user's priviledges, that user is no longer able to access the original user's X display because the new user does not have the key needed to access the display. pam_xauth solves the problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target user) when the session is created, and destroying the key when the session is torn down. -- DJ Lucas -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
