Re: [gdm-list] Should I modify gdm? (I have PAM problems)



Jose:

To do what you want, you need to write a PAM module.  You probably
want it to block and wait in the pam_authenticate function and wait
until you receive a signal.  Then you can fill out the username/
password with the info from Bluetool and GDM won't bother asking
and you'll go straight to login.

If you want the computer to support both bluetooth and normal login
you probably need to start GDM with the normal PAM stack and have a
root owned daemon listening on the bluetooth connection and restart
GDM with the bluetooth stack after you get a request.  Then you
probably need code to cause GDM to restart back to normal mode on failure
(bad login, timeout).  You can also hack GDM to support tearing down
and rebuilding the PAM stack instead of just restarting it if you
want to avoid the restart delay.

How to write PAM (Pluggable Authentication Mechanism) modules is well
documented on the internet; also check your pam.d or pam.conf man
page.

Let me know if this helps.

Brian


I'm working on a research project that aims to develop a portable
authentication platform over bluetooth. Here's the lowdown:
1. I walk to my computer, and see the logon prompt
2. I whip out my bluetooth-enabled phone, I select the user "bob" from a list
3. The portable authentication daemon on my PC authenticates with the phone
4. The daemon sends a call to the logon prompt to logon with the username "bob"

It took me six months to implement this on Windows XP. I had to
rewrite the GINA and a new Authentication Package from scratch. Now
I'm looking to do this with Linux using PAM and gdm. My problem is
that the user needs to be able to use a regular username/password
along with this bluetooth authentication mechanism. Also, I'd like to
obviate the need for user-PC interaction (that is, I don't want the
user to have to press 'enter' to start the bluetooth logon process).
At the moment, I can't do both. The user either has to press enter, or
I have to sacrifice normal user/password authentication. This is
because gdm won't call pam_authenticate until the user presses
'enter'. The alternative is to turn on automatic-login, and have
pam_authenticate sleep until someone authenticates over bluetooth.
Is there some way I can have my cake and eat it too without having to
modify gdm directly? I'd like to do this in a clean modular way, if
possible.
Thanks,
Peter R
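
The blocking wait suggested in the reply above, sketched as an added example (not code from either poster or from GDM): the module waits for the daemon to hand over a username, fails closed on timeout, and validates the name before setting it as PAM_USER. The names `wait_for_user`, `USER_MAX`, `pam_btwait.so` and the FIFO path are assumptions made for illustration.

```c
/* Added illustration; wait_for_user, USER_MAX and the FIFO path are hypothetical. */
#include <poll.h>
#include <string.h>
#include <unistd.h>

#define USER_MAX 32

/* Block until the daemon writes "username\n" (one write) or timeout_ms expires.
 * Returns 0 and fills out on success; -1 on timeout, hangup or a bad name. */
int wait_for_user(int fd, int timeout_ms, char *out, size_t outlen)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[USER_MAX + 1];
    ssize_t n; size_t i, len;

    if (poll(&p, 1, timeout_ms) != 1 || !(p.revents & POLLIN))
        return -1;                      /* timeout or error: fail closed */
    n = read(fd, buf, sizeof buf);
    if (n <= 1 || buf[n - 1] != '\n')
        return -1;                      /* empty, unterminated or too long */
    len = (size_t)n - 1;
    if (len >= outlen)
        return -1;
    for (i = 0; i < len; i++) {         /* allow only [a-z0-9_-] */
        char c = buf[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' || c == '-'))
            return -1;
    }
    memcpy(out, buf, len);
    out[len] = '\0';
    return 0;
}

#ifdef BUILD_PAM_MODULE  /* cc -shared -fPIC -DBUILD_PAM_MODULE -o pam_btwait.so file.c -lpam */
#include <fcntl.h>
#include <security/pam_modules.h>
/* pam_sm_setcred(), which an auth module also exports, is left out here. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    char user[USER_MAX + 1];
    /* Assumed: root-owned FIFO, mode 0600, written only by the Bluetooth daemon. */
    int fd = open("/run/btauth/login.fifo", O_RDONLY | O_NONBLOCK);
    int rc = fd < 0 ? -1 : wait_for_user(fd, 30000, user, sizeof user);
    (void)flags; (void)argc; (void)argv;
    if (fd >= 0) close(fd);
    if (rc != 0) return PAM_AUTH_ERR;   /* timeout or bad name: report failure */
    return pam_set_item(pamh, PAM_USER, user) == PAM_SUCCESS ? PAM_SUCCESS : PAM_AUTH_ERR;
}
#endif
```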