Darren J Moffat schrieb:
> Alan Coopersmith wrote:
>> What will they need to do? (For some reason, the community xdm
>> & gdm sources passes the X display as the PAM_TTY value, so we'd
>> either need to change them or add :0 to /etc/securetty. From
>> looking at the dtlogin code, it appears to pass /dev/console as
> Hmn I wonder how Linux and BSD distros that use gdm deal with this
> one. From what I remember of gdm it has its own explicit root
> login check, is that still true ?
> Since the PAM item is called PAM_TTY it seems strange to pass
> anything other than a TTY device name in there.
Linux-PAM has officially (re)defined it that way - and of course that is
what most community developers develop against:
"PAM_TTY: The terminal name: prefixed by /dev/ if it is a device file;
for graphical, X-based, applications the value for this item should be
the $DISPLAY variable."
See the Linux-PAM home-page or the Linux pam(3) man-page:
> I think the
> problem with using :0 rather than /dev/console is that :0 isn't
> necessarily the system console it could be an Xvnc server or some other
> non local device server, right ?
> So I think that xdm/gdm/dtlogin should all pass either /dev/console or
> the /dev/vt/# device they are actually using then pam_securetty works
> exactly the same for gui and non gui login.
Joerg Barfurth phone: +49 40 23646662 / x66662
Software Engineer mailto:joerg.barfurth at sun.com
Desktop Technology http://reserv.ireland/twiki/bin/view/Argus/
Thin Client Software http://www.sun.com/software/sunray/
Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/