[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Behaviour change in Xorg's xdm between 5.99.5 and 5.99.7
On Wed, 11 Feb 2009 20:19:47 -0800
jnemeth%victoria.tc.ca@localhost (John Nemeth) wrote:
> On Jul 4, 4:22pm, "Steven M. Bellovin" wrote:
> } On Wed, 11 Feb 2009 18:41:30 -0800
> } jnemeth%victoria.tc.ca@localhost (John Nemeth) wrote:
> } > On Jul 4, 12:27pm, "Steven M. Bellovin" wrote:
> } > } On Wed, 11 Feb 2009 21:17:38 +0100
> } > } "S.P.Zeidler" <spz%serpens.de@localhost> wrote:
> } > }
> } > } > Alas, no; xdm has no use_pam flag, although it might with a
> little } > } > bit of work. It's a pure compile option at present.
> } > } > (See xsrc/external/mit/xdm/dist/greeter/greet.c mostly)
> } > } >
> } > } > The rationale for the behaviour is that with PAM you may get a
> } > } > different password prompt, eg for your SSH passphrase or your
> } > } > Kerberos passwd, and PAM itself might not know what options to
> } > offer } > you until you give it your username.
> } > }
> } > } What else will USE_PAM=no in mk.conf affect? Is that documented
> } > } anywhere?
> } >
> } > Every application that does any kind of authentication, i.e.
> } > login, su, rlogind, xdm, ssh, third party apps, etc. In general,
> it } > isn't something that I would recommend. Although it is
> supposed to } > work, I wouldn't guarantee that the system will work
> properly. }
> } I know what PAM does. It's just that there is this amorphous set of
> } options that I'd expect to be documented in, well, documentation,
> } rather than just Makefiles, and I didn't even know which Makefile to
> } look at.
> Um, you asked what will USE_PAM=no affect. The answer is what I
> said, every application that does any kind of authentication.
You're right; I apologize. I was focusing on the second part of my
question -- the documentation issue.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Main Index |
Thread Index |