Thanks to everyone for helping to review the ConsoleKit case. I would like to summarize the issues raised so far. I think all of these issues have been answered and resolved. Please let me know if there are any other remaining issues, or if any of the following items need further clarification.
- Darren Moffat suggested that the pam-ck-connector PAM module be delivered. The PAM module will be delivered in the package SUNWconsolekit-pam, so this new package name was added to the Exported Interface table and to section "4.4 packagin & Delivery". I also updated the paragraph about pam_ck_connector in section 4.1.3 as follows: On some Linux systems, the pam_ck_connector is used to ensure that non-graphical logins (e.g. telnet, ssh, etc.) are registered with ConsoleKit. Thus ConsoleKit can be used as a utmp/wtmp replacement since it stores a superset of the information as in the utmp/wtmp database. This PAM module will be delivered in the SUNWconsolekit-pam package, but it will not be referenced in the default /etc/pam.conf(4) file. This way it is available if any users decide to make use of it. - Darren Moffat also suggested that we deliver the /usr/sbin/ck-log-system-start, /usr/sbin/ck-log-system-restart and /usr/sbin/ck-log-system-stop scripts. However, these are intended to be integrated directly into init(1M). Until we have plans to do this, I do not see any value in providing these scripts with the ConsoleKit packages. - Darren Moffat asked why the ck-system-stop script and the ck-system-restart script call "/sbin/init 5" and "/sbin/init 6" instead of "shutdown" as they do on Linux. Rich McAllister said we should use /sbin/init. Refer to the mail log for LSARC 2004/713: http://sac.eng.sun.com/arc/LSARC/2004/713/mail And search for "init 5" or "init 6" In summary he said: > I'd stay away from the reboot and halt commands, these are migrated > from the old SunOS4 compatibility and don't really do everything > you'd want. I'd go for either the SVR4-ish shutdown (not the > /usr/ucb one, even though most people prefer it) or just go > straight to /usr/sbin/init the main difference between "shutdown" > and "init" is that shutdown does a "wall" to notify time sharing > users. Since rebooting/shutting down from the login screen really > only makes sense on a single-user system, there doesn't seem to be > much use for the "wall" So there is no plan to switch to using shutdown unless someone suggests that Rich's recommendation is no longer valid. - Alan Coopersmith had a concern that the CK_SESSION_X11_DISPLAY_DEVICE would not be meaningful to client programs. It was highlighted that this environment variable is only used by the scripts described in section 4.1.4. In other words, the scripts that ConsoleKit runs when a session starts. These environment variables simply pass along the information associated with the session. Since the display device indicates what VT is being used on the console, this could be useful for the session startup script to do special work based on which VT is being used, if desired. - Alan Coopersmith asked why some scripts are installed to /usr/lib and others to /usr/lib/ConsoleKit/scripts. The difference is that the files installs to /usr/lib are libexec programs which would normally be installed to /usr/libexec on Linux. - Alan Coopersmith asked why ConsoleKit looks up the UID and PID of the Xserver process rather than just being informed by GDM. This design prevents the session leader from providing spoofed information. Since the D-Bus OpenSession interface is an unprivileged operation and takes no arguments. When this is used, the entries in the database are filled via doing such probing. The session leader can use the OpenSessionWithParameters and pass in the arguments, and thus avoid ConsoleKit from needing to do such probing. In fact GDM does use OpenSessionWithParameters, but GDM also calls the ck-x11-get-display-device script to figure out what display device is associated with the display and should be passed into OpenSessionWithParameters. When using VT, ck-x11-get-display-device does probe the Xserver to get the VT device name. - Alan Coopersmith asked whether ConsoleKit needs to handle fast reboot and slow reboot. Jedy Wang responded that a separate ARC case is planned for the update of the reboot dialog to take care of this. - Joerg Barfuth suggested that ck-seat-tool allow the user to specify the SeatID to be created when starting a dynamic display. This is desired to ensure that ConsoleKit always maps any saved state to the right device. The project team is currently discussing this option with the upstream maintainers and will add such a feature if it makes sense. Thanks, Brian
