Hi, So things don't work perfectly in fedora right now with the new GDM. By default we have a PAM module called pam_console that gives local (at console) users special privileges. In particular, dbus uses these privileges to allow the user to suspend the system (with gnome-power-manager) or set up the network (with NetworkManager). One of the factors pam_console uses in determining if a user is at the console is the value of PAM_TTY. It needs to match a regex specified in /etc/security/console.handlers By default the regex is tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+ and the current code uses "/dev/console" anyway, the regex fails and so log ins with the new gdm are fairly restricted in what they can do (no network manager, no gnome-power-manager, no usb stick automounting etc etc). Long term dbus should be fixed to use ConsoleKit (or maybe PolicyKit with more fine grained control over what actions a user should be able to do), but right now it still depends on pam_console. The attached patch makes things closer to on par with the old gdm. On linux it uses the display name, and on solaris it uses the display tty as gotten from consolekit. We may want to use the display tty on both OS's, although we'd have to strip the "/dev/" on Fedora for it to pass the regex above (or fix the regex). one thing it doesn't get right is remote display. I'm not sure what to do on that front, although I'm thinking it since ConsoleKit already knows about remote sessions, it may make sense to have it give us the value. Not sure, just like it does for local displays with ck-get-x11-display-device Thoughts? Ray
Attachment:
pam_tty.patch
Description: Binary data