Re: Behaviour change in Xorg's xdm between 5.99.5 and 5.99.7

["Steven M. Bellovin" <smb%cs.columbia.edu@localhost>]

On Wed, 11 Feb 2009 20:19:47 -0800
jnemeth%victoria.tc.ca@localhost (John Nemeth) wrote:

> On Jul 4,  4:22pm, "Steven M. Bellovin" wrote:
> } On Wed, 11 Feb 2009 18:41:30 -0800
> } jnemeth%victoria.tc.ca@localhost (John Nemeth) wrote:
> } > On Jul 4, 12:27pm, "Steven M. Bellovin" wrote:
> } > } On Wed, 11 Feb 2009 21:17:38 +0100
> } > } "S.P.Zeidler" <spz%serpens.de@localhost> wrote:
> } > } 
> } > } > Alas, no; xdm has no use_pam flag, although it might with a
> little } > } > bit of work. It's a pure compile option at present.
> } > } > (See xsrc/external/mit/xdm/dist/greeter/greet.c mostly)
> } > } > 
> } > } > The rationale for the behaviour is that with PAM you may get a
> } > } > different password prompt, eg for your SSH passphrase or your
> } > } > Kerberos passwd, and PAM itself might not know what options to
> } > offer } > you until you give it your username.
> } > } 
> } > } What else will USE_PAM=no in mk.conf affect?  Is that documented
> } > } anywhere?
> } > 
> } >      Every application that does any kind of authentication, i.e.
> } > login, su, rlogind, xdm, ssh, third party apps, etc.  In general,
> it } > isn't something that I would recommend.  Although it is
> supposed to } > work, I wouldn't guarantee that the system will work
> properly. } 
> } I know what PAM does.  It's just that there is this amorphous set of
> } options that I'd expect to be documented in, well, documentation,
> } rather than just Makefiles, and I didn't even know which Makefile to
> } look at.
> 
>      Um, you asked what will USE_PAM=no affect.  The answer is what I
> said, every application that does any kind of authentication.
> 
You're right; I apologize.  I was focusing on the second part of my
question -- the documentation issue.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb