Re: Gnome / systemd

From: "Jasper St. Pierre" <jstpierre mecheye net>
To: Patrick Erdmann <patrick perdmann de>
Cc: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: Gnome / systemd
Date: Mon, 12 Jan 2015 08:46:27 -0800

On Fri, Dec 5, 2014 at 8:58 AM, Patrick Erdmann <patrick perdmann de> wrote:

(this is just a resend message from devuan list... But i would like to get technical answers and no flamewar)

I would like to know how you, as a GNOME Core member, think about systemd -> Gnome and Operating Systems like the BSDs.

And i already asked this in IRC but what is the result you (The Gnome Team) expect. Is the systemd dependency just because of dbus and logind?

The dbus part is the part which i understand. But what is actually the benefit of using logind in comparison to pam.

logind and PAM work well together. In fact, they have some tight integration so logind can do its job correctly:

http://cgit.freedesktop.org/systemd/systemd/tree/src/login/pam_systemd.c

"logind" might be a misnomer, since it doesn't actually do anything related to authentication or authorization.

What logind does do is track logged in sessions, and help manage that in a central location. For instance, when gdm tries to log a user in, we actually double-check with logind and make sure that if they have any existing sessions, that we switch to that. But it's smart enough to not do that switch if you are logged in via a VT or ssh, etc.

When a user tries to shut down, we first make sure that there are no other users logged in, and we query logind for that information.

In the new Wayland world, we actually use logind to keep track of which sessions are on which VTs so we know which VT to switch to when the user hits a keybinding, and use it to hand us device nodes for the display and input systems, which we can't directly open due to permissions.

It's better to do all of this user session tracking in a central component. This used to be done inside a module called "ConsoleKit", but we ran into deep fundamental issues when it wasn't integrated tightly with the init system. That's why it's now part of systemd.

Some people haven't liked this approach, and have forked ConsoleKit to make "ConsoleKit2". GNOME doesn't officially support the ConsoleKit APIs anymore, but these community members also have patches to add it back in, based on our old ConsoleKit implementation.

What PAM handles is the authentication part of logging in. It allows people to make "pluggable authentication modules" so people can prove who they are who they say they are, through passwords, remote lookup, two-factor authentication, or even a game of rock paper scissors ( https://github.com/nalind/pam_rps ).

--
Mit freundlichen Grüßen

Patrick Erdmann

XMPP/Mail: patrick perdmann de
_______________________________________________
desktop-devel-list mailing list
desktop-devel-list gnome org
https://mail.gnome.org/mailman/listinfo/desktop-devel-list

Jasper

Follow-Ups:
- Re: Gnome / systemd
  - From: Patrick Erdmann

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]