After studying the code and exploring a bit with gdb and a test PAM module I wrote that simply sets pam_user, I've determined that in fact lightDM *already* works just fine with a PAM module on the auth stack of the lightdm-autologin PAM service which sets PAM_USER. I simply hadn't realized that autologin used its own PAM service.
The name specified for PAM_USER will override the autologin-user value in lightdm.conf. In my opinion, this behavior is ideal. If we actually tried to change the code to allow turning autologin on without specifying an autologin user, and no PAM_USER was set by any PAM module, we'd have a strange error case to deal with. So, to turn autologin on, you must specify a default/fallback user for autologin-user. If a PAM module in the lightdm-autologin PAM stack sets PAM_USER in pam_sm_authenticate(), that will override the user specified in lightdm.conf. No change required. If there are no other suggestions/objections, I will close out this bug. Too bad, I was looking forward to contributing :-) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1371710 Title: autologin should support PAM_USER Status in Light Display Manager: Triaged Status in Light Display Manager 1.10 series: Triaged Status in “lightdm” package in Ubuntu: Triaged Status in “lightdm” source package in Trusty: Triaged Status in “lightdm” source package in Utopic: Triaged Bug description: There should be a way to specify the autologin-user via PAM_USER. Currently, to enable autologin you specify autologin-user in the lightdm.conf file, and any value of PAM_USER returned after pam_authenticate() is ignored. This means if you want to affect autologin so that different users are logged in at different times, based on some external criteria, you must rewrite the lightdm configuration and restart the service each time. One approach would be to add a new key e.g. "autologin-user-pam=true" which would enable autologin and use the PAM_USER returned by pam_authenticate() as the user to log in. It might make sense that if PAM_USER is *not* set by the call to pam_authenticate to fall back to the autologin-user value, or else to disable autologin entirely. To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1371710/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
