Installing GARNOME on systems that support PAM

From: "Joseph E. Sacco, PhD" <joseph_sacco comcast net>
To: garnome-list gnome org
Subject: Installing GARNOME on systems that support PAM
Date: Sun, 31 Jul 2005 12:10:33 -0400

Some additional custom-install work needs be done for GNOME applications
that use PAM. 

Specifically, 

        * desktop/gdm
        * geektoys/gnome-screensaver

require additional work to install their respective PAM authentication
files in the right place.


Discussion
-----------
Most LINUX variants support LINUX-PAM [Pluggable Authentication Modules]

        http://www.kernel.org/pub/linux/libs/pam/


a suite of shared libraries that enable the local system administrator
to choose how applications authenticate users. 

The PAM library is configured locally with a system file, /etc/pam.conf,
or a series of configuration files located in /etc/pam.d/, to
authenticate a user request via the locally available authentication
modules. The configuration files are owned by ROOT. 

The modules themselves will usually be located in the  directory
/lib/security and take the form of dynamically loadable object files.

Three GARNOME applications use PAM:
* desktop/gdm
* desktop/libgnomesu
* geektoys/gnome-screensaver

Work has already been on the GARNOME makefile for libgnomesu to insure
that its PAM configuration file, gnomesu-pam, is installed by ROOT
under /etc/pam.d.

Note that /etc/pam.d is the default location specified in the libgnomesu
configure file. It may be prudent to actually set the location

        --with-pam-dir=/etc/pam.d

Presently, gdm and gnome-screensaver install their respective PAM
configuration files under the GARNOME install tree

	$(main_sysconfdir)/pam.d

which will lead to an unpleasant surprise if either of these
applications are used.

gdm and gnome-screensaver allow the user to configure where the PAM
files should be installed:

* gdm: 

        --with-pam-prefix=<prefix>   specify where pam files go

* gnome-screensaver: 

        --with-pam-prefix=<prefix>   specify where pam files go

If "--with-pam-prefix" is not specified, the location defaults to 

        $(main_sysconfdir)/pam.d

rather than /etc/pam.d

If "--with-pam-prefix" is set to /etc/pam.d,  the installation will
fail since "we" are not building GARNOME as ROOT.  

So..., more "sudo-voodoo", like what was done in the GARNOME makefile
for libgnomesu, needs to be done for gdm and gnome-screensaver.

One further point to consider... What should be done with the GARNOME
PAM files if an earlier version of the GNOME desktop exists on a system?
Overwriting PAM files would be a very bad thing to do.

-Joseph


-- 
joseph_sacco [at] comcast [dot] net

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]