Hi Maxim,
Maxim Cournoyer <maxim.courno...@gmail.com> writes:
Hi muradm, muradm <m...@muradm.net> writes: [...]Could you look into adding "regular" login PAM support instead of a bypass disabled by default? The user should still be prompted forits password, and it should go through the PAM auth module.I'm not very PAM-aware, but I believe there are examples spread inthe code base.This patch provides necessary configuration for proper PAM support.I decided to take screen-locker-service-type's configuration asbasis, since it is was most simpliest and adequate enough for thiscase.This patch does not disables, baypasses or cheats PAM in any way. User may navigate to CUPS portal. In the event of administrativeactions taken by user, CUPS portal asks user to authenticate.With this configuration, it will attempt to authenticate as local system user. In the event of proper system user/password supplied and positively authenticated against PAM using "cups" service name, user allowed to take administrative action. In the event of invalidsystem user/password supplied, CUPS portal will keep loopingbegging for password (just as in your original case). If user decides to Cancel the authentication dialog, CUPS portal is navigated toUnauthorized access informing page. Why would I submit something that it is not working?I didn't mean to imply that it didn't work; I just thought that it was somehow bypassing PAM (and the original problem it caused in the first place). As I wrote earlier, I know next to nothing about PAM, andmisread your patch.I've now installed the change. Thanks for the fix, and thanks toRicardo for the reminder.
Cool, thanks!
signature.asc
Description: PGP signature
