Re: Behaviour change in Xorg's xdm between 5.99.5 and 5.99.7

[jnemeth%victoria.tc.ca@localhost (John Nemeth)]

On Jul 4,  4:22pm, "Steven M. Bellovin" wrote:
} On Wed, 11 Feb 2009 18:41:30 -0800
} jnemeth%victoria.tc.ca@localhost (John Nemeth) wrote:
} > On Jul 4, 12:27pm, "Steven M. Bellovin" wrote:
} > } On Wed, 11 Feb 2009 21:17:38 +0100
} > } "S.P.Zeidler" <spz%serpens.de@localhost> wrote:
} > } 
} > } > Alas, no; xdm has no use_pam flag, although it might with a little
} > } > bit of work. It's a pure compile option at present.
} > } > (See xsrc/external/mit/xdm/dist/greeter/greet.c mostly)
} > } > 
} > } > The rationale for the behaviour is that with PAM you may get a
} > } > different password prompt, eg for your SSH passphrase or your
} > } > Kerberos passwd, and PAM itself might not know what options to
} > offer } > you until you give it your username.
} > } 
} > } What else will USE_PAM=no in mk.conf affect?  Is that documented
} > } anywhere?
} > 
} >      Every application that does any kind of authentication, i.e.
} > login, su, rlogind, xdm, ssh, third party apps, etc.  In general, it
} > isn't something that I would recommend.  Although it is supposed to
} > work, I wouldn't guarantee that the system will work properly.
} 
} I know what PAM does.  It's just that there is this amorphous set of
} options that I'd expect to be documented in, well, documentation,
} rather than just Makefiles, and I didn't even know which Makefile to
} look at.

     Um, you asked what will USE_PAM=no affect.  The answer is what I
said, every application that does any kind of authentication.

}-- End of excerpt from "Steven M. Bellovin"