Recording /dev/vt/# in utmpx and using that for PAM_TTY looks like
exactly the correct thing to do for the virtual consoles.

Using /dev/console for utmpx and PAM_TTY for the primary (first) console
also looks like the correct thing to do.


>     3.2 Enhance PAM_TTY and ut_line in utmpx to support display name.
>         
>         So the PAM_TTY and the ut_line in utmpx can be directly set
>         to the display name by the display login manager.

What problem is being solved here ?

>         With regards to the audit terminal ID, it can be extended to
> 
>         a) change "terminal ID" to "terminal name" in the audit
>            record. And the terminal name looks more straightforward
>            than the digital terminal ID.

I don't see what problem is being solved here.

>         b) encode display name in a proper way to terminal ID, just
>            like for remote terminal ID:
>            ai.ai_termid.port = (peer->sin_port<<16 | sock->sin_port);

So basically record the port number of the display in the audit record ?
 If so that sounds okay but who is writing this audit record ?


-- 
Darren J Moffat

Reply via email to