Recording /dev/vt/# in utmpx and using that for PAM_TTY looks like exactly the correct thing to do for the virtual consoles.
Using /dev/console for utmpx and PAM_TTY for the primary (first) console also looks like the correct thing to do. > 3.2 Enhance PAM_TTY and ut_line in utmpx to support display name. > > So the PAM_TTY and the ut_line in utmpx can be directly set > to the display name by the display login manager. What problem is being solved here ? > With regards to the audit terminal ID, it can be extended to > > a) change "terminal ID" to "terminal name" in the audit > record. And the terminal name looks more straightforward > than the digital terminal ID. I don't see what problem is being solved here. > b) encode display name in a proper way to terminal ID, just > like for remote terminal ID: > ai.ai_termid.port = (peer->sin_port<<16 | sock->sin_port); So basically record the port number of the display in the audit record ? If so that sounds okay but who is writing this audit record ? -- Darren J Moffat
