Re: [gdm-list] Should I modify gdm? (I have PAM problems)




Jose:

I believe PAM is used for autologin if you build GDM with PAM support.
Note in daemon/verify-pam.c there are two similar functions,
gdm_verify_user and gdm_verify_setup_user.  The gdm_verify_setup_user
function is used for autologin.  Note the comments in the code.

Brian

Well, this sounds good, only I just realized Autologin doesn't use
PAM! So it looks to me like I'll need to modify GDM manually.
Could anyone point me in the right direction as to where in the GDM
source I'd start? All I need to do is programmatically start the login
process. All I need is to somehow press that login button and feed it
a phony username and password (and I'll let PAM deal with the
authentication).
Anyone?
Thanks,
Jose G

On 4/26/06, Brian Cameron <Brian Cameron sun com> wrote:
Jose:

To do what you want, you need to write a pam module.  You probably
want it to block and wait in the pam_authenticate function and wait
until you receive a signal.  Then you can fill out the username/
password with the info from Bluetool and GDM won't bother asking
and you'll go straight to login.

If you want the computer to support both bluetooth and normal login
you probably need to start GDM with the normal PAM stack and have a
root owned daemon listening on the bluetooth connection and restart
GDM with the bluetooth stack after you get a request.  Then you
probably need code to cause GDM restart back to normal mode on failure
(bad login, timeout).  You can also hack GDM to support tearing down
and rebuilding the PAM stack instead of just restarting it if you
want to avoid the restart delay.

PAM (Pluggable Authentication Mechanism) modules are well documented
on the internet about how to write them, also check your pam.d or
pam.conf man page.

Let me know if this helps.

Brian


> I'm working on a research project that aims to develop a portable
> authentication platform over bluetooth. Here's the lowdown:
> 1 I walk to my computer, and see the logon prompt
> 2 I whip out my bluetooth-enabled phone, I select the user "bob" from a list
> 3 The portable authentication daemon on my PC authenticates with the phone
> 4 The daemon sends a call to the logon prompt to logon with the username "bob"
>
> It took me six months to implement this on Windows XP. I had to
> rewrite the GINA and a new Authentication Package from scratch. Now
> I'm looking to do this with Linux using PAM and gdm. My problem is
> that the user needs to be able to use a regular username/password
> along with this bluetooth authentication mechanism. Also, I'd like to
> obviate the need for user-PC interaction (that is, I don't want the
> user to have to press 'enter' to start the bluetooth logon process).
> At the moment, I can't do both. The user either has to press enter, or
> I have to sacrifice normal user/password authentication. This is
> because gdm won't call pam_authenticate until the user presses
> 'enter'. The alternative is to turn on automatic-login, and have
> pam_authenticate sleep until someone authenticates over bluetooth.
> Is there some way I can have my cake and eat it too without having to
> modify gdm directly? I'd like to do this in a clean modular way, if
> possible.
> Thanks,
> Peter R






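A sketch of the blocking module Brian describes, as an added example that is not code from GDM or from anyone in this thread: pam_sm_authenticate waits, with a timeout, for a username from the Bluetooth daemon, validates it, and sets PAM_USER. Assumptions: the daemon has already authenticated the phone and delivers one "name\n" message over a root-only Unix socket; the path /run/btauth.sock, the helper wait_for_user and the macro BUILD_PAM_MODULE are names invented here.

```c
#include <ctype.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>

/* Block until the daemon writes "username\n" to fd or timeout_ms elapses.
 * Returns 0 and fills out on success; -1 (fail closed) on anything else. */
int wait_for_user(int fd, int timeout_ms, char *out, size_t outlen)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[64];
    ssize_t n;

    if (poll(&p, 1, timeout_ms) <= 0 || !(p.revents & POLLIN))
        return -1;                          /* timeout, hang-up or error */
    n = read(fd, buf, sizeof buf - 1);
    if (n < 2 || buf[n - 1] != '\n' || (size_t)n > outlen)
        return -1;                          /* empty, unterminated, too long */
    buf[--n] = '\0';
    for (ssize_t i = 0; i < n; i++)         /* allow only [a-z0-9_-] */
        if (!islower((unsigned char)buf[i]) && !isdigit((unsigned char)buf[i])
            && buf[i] != '_' && buf[i] != '-')
            return -1;
    memcpy(out, buf, (size_t)n + 1);
    return 0;
}

#ifdef BUILD_PAM_MODULE   /* cc -shared -fPIC -DBUILD_PAM_MODULE ... -lpam */
#include <sys/socket.h>
#include <sys/un.h>
#include <security/pam_modules.h>
/* Assumption: a root-owned daemon listens on this hypothetical socket. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX, .sun_path = "/run/btauth.sock" };
    char user[32];
    int rc = PAM_AUTH_ERR, fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
    (void)flags; (void)argc; (void)argv;
    if (fd >= 0 && connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0
        && wait_for_user(fd, 30000, user, sizeof user) == 0
        && pam_set_item(pamh, PAM_USER, user) == PAM_SUCCESS)
        rc = PAM_SUCCESS;                   /* PAM_USER is now set for the caller */
    if (fd >= 0)
        close(fd);
    return rc;
}
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{ (void)pamh; (void)flags; (void)argc; (void)argv; return PAM_SUCCESS; }
#endif
```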