Re: [gdm-list] My questions



Hi Bob,

As I said I'm a newbie here, so help me translate.

quotes from another mail:
> I don't understand your conclusion here.  PAM is
> request-response, but this has nothing to do with wanting a
> username first.  There is no such requirement.  A username
> request/response is no different from any other user
> interaction, and there is no requirement that this be one of
> the interactions.
You are saying that PAM currently _can_ handle hardware events: these events
might not have identifiers yet, but the architecture is there to handle them.


On Tuesday 04 October 2005 08:36 pm, Bob Doolittle wrote:
> One final note.  One of the really nice byproducts of doing
> smartcard authentication in a PAM module is that you can
> not only affect gdm, but screen lockers as well.  It would
> be pretty sad if we fixed up gdm to allow you to login with
> a smartcard, but once your screen got locked you had to
> type in a password to unlock it.  By doing this in a PAM module,
> and placing that PAM module on both gdm and the screen-locker's
> stack, smartcard-insertion suddenly works for login as well
> as screen unlock.
>
So PAM could "take over" some of gdm's jobs by handling the "please insert your
card or click on logoff"?


As two side questions, and assuming I've understood your meaning:

1) How does PAM handle dialogs?
2) Where is the responsibility boundary between gdm and PAM?

Regards,

Philippe










> -Bob
>
> Martin Paljak wrote:
> >On Tue, Oct 04, 2005 at 01:25:11PM -0700, Bob Doolittle wrote:
> >>I don't understand your conclusion here.  PAM is
> >>request-response, but this has nothing to do with wanting a
> >>username first.  There is no such requirement.  A username
> >>request/response is no different from any other user
> >>interaction, and there is no requirement that this be one of
> >>the interactions.
> >
> >As I said it was possible that I am wrong. Last time when I worked on this
> >issue it was 2002 I think.. Then I was left with the impression that it
> >was not easy/possible to achieve the kind of functionality I hoped for.
> >Maybe I did not dig too deep though or it was just a sad combination of
> >software stacked up so that it did not work so.
> >
> >I'll STFW/RTFM a bit more on the topic.
> >
> >>If *MUSCLE* provides an event notification mechanism for
> >>smartcard-insert, then a PAM module can block waiting for
> >>this event.  When it receives such an event, it can access
> >>the card to read the username, set PAM_USER, then do
> >>whatever other interactions are required.
> >
> >I guess at that time I even didn't work with GDM but pure login
> >services...
> >
> >
> >peace,
> >m.

-- 
*************************************
Philippe C. Martin
SnakeCard, LLC
www.snakecard.com
+1 405 694 8098
*************************************


