Re: [gdm-list] adding a command to externaly fill the username field



Bob Doolittle <Robert Doolittle Sun COM> writes:

>>>>I'd like to be able to fill the username field externaly.
[...]
>>Ok thanks for your answer.
>>Using this given example:
>>http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/modules/pam_permit/pam_permit.c?rev=1.4&view=markup
>>and keeping nobody as "username", i would just have to replace return
>>PAM_SUCCESS (in pam_sm_authenticate) by return PAM_IGNORE ?
>> ("nobody" would be used as username and the next pam module would
>> take care of the password check)
>>Sorry if the question "sounds" silly, the pam module writer guide
>>doesn't look straightforward to me. :)

> Yes it's too bad the interface is so arcane.  Cribbing
> code like this is a good approach.
>
> Eliminate the call to pam_get_user() and handling
> of its return codes.  That's the call that
> actually is causing gdm to prompt you to enter
> your user name (I hope - at least it should be
> assuming gdm is using PAM correctly - if it isn't
> that'll need to be fixed).  Easy experiment at
> least, right?

Yep, And that does the trick.
added a "auth required pam_mytest.so" for gdm and restarted it:
It directly asked for the password.
Thanks !

>>(sorry, this is the last off-topic mail to the gdm list)

> You're certainly not the first person with such a
> question.  People's first gut reaction is to dive
> into gdm and change it.  I'd like to encourage
> people to use pluggable frameworks like PAM where
> possible.  It's more modular, more reusable,
> easier to develop and debug, and eliminates the
> distro dependencies making it easier for you to
> deliver your solution.  Also by not constantly
> tweaking gdm we have a more stable display
> manager in the long run.

Before asking I'm must admit I did search the mailing list archive,
and I found several similar questions :)

> Typically I'd write a simple PAM client to
> initially test my module.  That
> makes testing really easy because you can do
> it in a simple shell environment, use debuggers
> easily and all that good stuff, before trying it
> with gdm.  Maybe your code will be so trivial
> this isn't necessary.

ok.
Now i have to look at other pam librairies to see how I could
implement what i want :)
In fact i'd love to have the features Philippe wants (as described by
Martin here:
http://article.gmane.org/gmane.comp.gnome.gdm.general/210)

hmm from a pam library view, how could it be possible to cancel an
authentication stage ?
ex: user has entered his username, the system is waiting for the
password to be typed so that it can be checked by pam_unix.  from a
pam library view how could i react on an external event, provide
another username and ask the user for the corresponding password ? (to
be checked by pam_unix or something else)

-- 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]