-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 2022-10-11 at 10:02 -0600, Sam Hartman wrote: > If including common-session will work, I think that's a good improvement > for everyone. > It is closer to best practice, and it means that as PAM profiles are > added over time, they will work for lightdm as well.
Ok, but... > > Whether that works depends on the architecture of the greeter. > If the greeter has one process that does the initial authentication and > then forks off an entire different set of processes not descended from > the greeter that run the session, then including common-session might > not work so well. That's the case. > > I'm kind of confused though because it looks like 1.26.0-8's sources > already include common-session in data/pam/lightdm. Yes, because there are two PAM sessions: - - one for the greeter itself, running as the lightdm user - - one for the logged in user The user session already includes common-session but the greeter itself uses a more stripped PAM configuration since it's only used for the login screen. So I'm unsure if an “interactive user” PAM session is really a good idea here. Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmNFtc0ACgkQ3rYcyPpX RFu7BAgAoWJnJlzOocZHXVF1fZpYHPkHytKbvCWlm22qcSuEsdg+sBlKN+UtNK2n xnb1oY4qffVtCORVNicKlwP+3OuL8WsW9vwHpni3V3oLuMoG474dT3iP9YGc2nW8 tgeK1TNpUuYiNGGGwcoUI+NlJY8mqYmbOxNVrbGNz7M7fLnd4jDPNdzCfh00bxMQ W/MR5n/C+DlfXmoG+CQBudKRQpbNqXxl/POm2lphmf4do+oVfpFT7CPekwvzyp/H /eHEV/rkjPTRzDnlsuhKSsLWebK9+ye+gUJfUJLDc6Hrx3RVnr4ZULKrrtbMg5d+ JivFke0rBEELT4xJUhEQukxRUo12Rw== =+dab -----END PGP SIGNATURE-----