Darren J Moffat schrieb:
> Alan Coopersmith wrote:

>> What will they need to do?   (For some reason, the community xdm
>> & gdm sources passes the X display as the PAM_TTY value, so we'd
>> either need to change them or add :0 to /etc/securetty.  From
>> looking at the dtlogin code, it appears to pass /dev/console as
>> PAM_TTY.)
> Hmn I wonder how Linux and BSD distros that use gdm deal with this
> one.   From what I remember of gdm it has its own explicit root
> login check, is that still true ?
> Since the PAM item is called PAM_TTY it seems strange to pass
> anything other than a TTY device name in there. 

Linux-PAM has officially (re)defined it that way - and of course that is 
what most community developers develop against:

"PAM_TTY: The terminal name: prefixed by /dev/ if it is a device file; 
for graphical, X-based, applications the value for this item should be 
the $DISPLAY variable."

See the Linux-PAM home-page or the Linux pam(3) man-page:

> I think the
> problem with using :0 rather than /dev/console is that :0 isn't 
> necessarily the system console it could be an Xvnc server or some other 
> non local device server, right ?
> So I think that xdm/gdm/dtlogin should all pass either /dev/console or 
> the /dev/vt/# device they are actually using then pam_securetty works
> exactly the same for gui and non gui login.

- J?rg

Joerg Barfurth           phone: +49 40 23646662 / x66662
Software Engineer        mailto:joerg.barfurth at sun.com
Desktop Technology       http://reserv.ireland/twiki/bin/view/Argus/
Thin Client Software     http://www.sun.com/software/sunray/
Sun Microsystems GmbH    http://www.sun.com/software/javadesktopsystem/

Reply via email to