Darren J Moffat wrote:
> Recording /dev/vt/# in utmpx and using that for PAM_TTY looks like
> exactly the correct thing to do for the virtual consoles.
> 
> Using /dev/console for utmpx and PAM_TTY for the primary (first) console
> also looks like the correct thing to do.

It's obvious for text console sessions. For graphical logins,
the display login manager, which sets PAM_TTY and utmpx, currently only
knows the display. So Xorg should provide a proper interface for the
display login manager to retrieve the virtual console associated with
each Xorg.

> 
> 
> 
>>    3.2 Enhance PAM_TTY and ut_line in utmpx to support display name.
>>        
>>        So the PAM_TTY and the ut_line in utmpx can be directly set
>>        to the display name by the display login manager.
> 
> 
> What problem is being solved here ?

So the PAM_TTY and the ut_line in utmpx would be unique for each
logged in user (even with graphical sessions).

> 
> 
>>        With regards to the audit terminal ID, it can be extended to
>>
>>        a) change "terminal ID" to "terminal name" in the audit
>>           record. And the terminal name looks more straightforward
>>           than the digital terminal ID.
> 
> 
> I don't see what problem is being solved here.

Currently the audit terminal ID includes the digital major and minor
number of PAM_TTY. So if we choose to use the display name (e.g. ":0")
as PAM_TTY, we have to change "terminal ID" to "terminal name" or
"display name" in the audit record. Otherwise we have to encode the
display name into digital major/minor number as stated below (3.2.b).

> 
> 
>>        b) encode display name in a proper way to terminal ID, just
>>           like for remote terminal ID:
>>           ai.ai_termid.port = (peer->sin_port<<16 | sock->sin_port);
> 
> 
> So basically record the port number of the display in the audit record ?
>  If so that sounds okay but who is writing this audit record ?

The display login manager (dtlogin/gdm).


thanks,
Riny
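
The two mechanisms discussed in this message, a terminal ID derived from the device major/minor numbers of the PAM_TTY, and the 3.2.b alternative of packing a display name into the port-style field the way the remote-terminal code packs peer and local ports, as an added example that is not part of the thread and not the Solaris audit API (the struct and function names here are hypothetical, and the display encoding is one illustration of the idea, not a specification):

```c
/* Added example (not from the mailing-list thread): shows why a display
 * name such as ":0" cannot be turned into a device-number terminal ID the
 * way a tty path can, and one way to encode it into a port-style field,
 * mirroring the peer_port<<16 | local_port scheme quoted in the thread.
 * The struct and function names are hypothetical; they are not the
 * Solaris audit (adt/au_*) API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef __linux__
#include <sys/sysmacros.h>   /* major()/minor() live here on glibc */
#endif

/* Hypothetical terminal-ID record: local ttys use dev, remote sessions
 * (and, in the proposed scheme, X displays) use port. */
struct termid {
    uint32_t dev;   /* major<<16 | minor of the tty device, 0 if unused */
    uint32_t port;  /* port-style encoding, 0 if unused */
};

/* Derive the terminal ID from a tty path such as /dev/console or
 * /dev/vt/2: stat() the node and pack its major/minor numbers.
 * Returns 0 on success, -1 if the path does not name a character device
 * (which is exactly what happens for a display name like ":0"). */
int termid_from_tty(const char *path, struct termid *out)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;
    out->dev  = ((uint32_t)major(st.st_rdev) << 16) | (minor(st.st_rdev) & 0xffffu);
    out->port = 0;
    return 0;
}

/* Encode an X display name (":N", ":N.S" or "host:N.S") into the port
 * field: display number in the high 16 bits, screen number in the low 16,
 * analogous to the remote-terminal peer_port<<16 | local_port packing.
 * Returns 0 on success, -1 if the string is not a display name or a
 * number does not fit in 16 bits. */
int termid_from_display(const char *display, struct termid *out)
{
    const char *colon = strrchr(display, ':');
    char *end;
    unsigned long dpy, screen = 0;

    if (colon == NULL || colon[1] == '\0')
        return -1;
    dpy = strtoul(colon + 1, &end, 10);
    if (end == colon + 1 || dpy > 0xffff)
        return -1;
    if (*end == '.') {
        const char *s = end + 1;
        screen = strtoul(s, &end, 10);
        if (end == s || screen > 0xffff)
            return -1;
    }
    if (*end != '\0')
        return -1;
    out->dev  = 0;
    out->port = ((uint32_t)dpy << 16) | (uint32_t)screen;
    return 0;
}

/* What a login manager would call with its PAM_TTY value: try the tty
 * derivation first, fall back to the display encoding. */
int termid_from_pam_tty(const char *pam_tty, struct termid *out)
{
    if (termid_from_tty(pam_tty, out) == 0)
        return 0;
    return termid_from_display(pam_tty, out);
}

/* Convenience wrappers returning plain values for callers and tests. */
uint32_t display_port(const char *display)
{
    struct termid t;
    return termid_from_display(display, &t) == 0 ? t.port : UINT32_MAX;
}

int is_tty_device(const char *path)
{
    struct termid t;
    return termid_from_tty(path, &t) == 0;
}

int main(void)
{
    const char *samples[] = { "/dev/console", "/dev/null", ":0", ":1.2", "bogus" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct termid t;
        if (termid_from_pam_tty(samples[i], &t) == 0)
            printf("%-13s dev=0x%08x port=0x%08x\n", samples[i], t.dev, t.port);
        else
            printf("%-13s no terminal ID derivable\n", samples[i]);
    }
    return 0;
}
```

Running it shows the asymmetry the message describes: a real device node yields a dev value, while ":0" only yields a terminal ID once the display number is encoded into the port field, and a string that is neither yields nothing, which is the case an audit record format has to decide how to represent.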

