Bug#932047: lightdm: greeter session support for elogind

Mark Hindley

Jul 14, 2019, 8:10:02 AM
Package: lightdm
Severity: normal
Tags: patch

Yves-Alexis,

Many thanks for updating lightdm's dependencies to use the new logind virtual
packages in closing #922160.

However, the necessary adjustments to the PAM configuration for lightdm-greeter
are still outstanding.

My testing indicates that in order for lightdm greeter's Suspend, Hibernate,
Restart and Shut Down buttons to be enabled, the greeter itself needs to
register a logind session.

For elogind based systems this could be implemented by adding

session optional pam_elogind.so

to /etc/pam.d/lightdm-greeter

Or, alternatively and perhaps better for the future, whichever logind
implementation is enabled through pam-auth could be used by sourcing the PAM
common-session.

Patches implementing both of these approaches are attached.

Many thanks,

Mark
greeter_pam-elogind.diff
greeter_pam-common-session.diff

Mark Hindley

Apr 5, 2020, 5:30:03 AM
Hello,

Just a gentle nudge on this.

On Sun, 14 Jul 2019 12:59:32 +0100 Mark Hindley <ma...@hindley.org.uk> wrote:
> Patches implementing both of these approaches are attached.

I would be grateful if you could adopt one or other of these so that they can be
more widely tested well in advance of the freeze.

Thanks

Mark

Fabian Schaar

Oct 8, 2022, 12:40:03 PM
Hey there,

I highly agree with Mark on this suggestion, since I ran into the exact
same problem after the installation of an alternative init system on
Debian Bullseye via the chroot method using d-i (first sysvinit, then
OpenRC). After adding the proposed line to /etc/pam.d/lightdm-greeter
(and commenting out the pam_systemd one), everything worked fine.

Best regards,
Fabian

On Sun, 14 Jul 2019 12:59:32 +0100 Mark Hindley <ma...@hindley.org.uk> wrote:

Mark Hindley

Oct 9, 2022, 5:10:04 AM
Hi Yves-Alexis,

With another user bumping into this issue, I am keen to have it resolved in
bookworm.

I think adding

session optional pam_elogind.so

to /etc/pam.d/lightdm-greeter is the best and correct fix.

I know you have been reluctant in the past, but would you consider it again?

Alternatively, I am happy to offer an NMU?

Best wishes and thanks.

Mark

Yves-Alexis Perez

Oct 9, 2022, 8:00:03 AM
On Sun, 2022-10-09 at 10:03 +0100, Mark Hindley wrote:
> Hi Yves-Alexis,
>
> With another user bumping into this issue, I am keen to have it resolved in
> bookworm.
>
> I think adding
>
>  session   optional pam_elogind.so
>
> to /etc/pam.d/lightdm-greeter is the best and correct fix.
>
> I know you have been reluctant in the past, but would you consider it again?

Hi Mark,

for some reason it seems I never actually replied to this bug, sorry. I might
have replied on different bugs, but I'm not really keen on modifying pam
files, especially for specific / non-default stuff.

Do you know what the opinion of PAM people and systemd-logind people is on
that? It might be nice to have them chime in. Also not sure how this thing is
handled on other DM, any idea?
>
> Alternatively, I am happy to offer an NMU?

Please refrain for now.

Regards,
--
Yves-Alexis

Mark Hindley

Oct 9, 2022, 8:30:03 AM
Yves-Alexis,

On Sun, Oct 09, 2022 at 01:46:56PM +0200, Yves-Alexis Perez wrote:
> for some reason it seems I never actually replied to this bug, sorry.

No worries.

> I might have replied on different bugs, but I'm not really keen on modifying
> pam files, especially for specific / non-default stuff.

Yes, I remember that from our previous discussions.

> Do you know what the opinion of PAM people and systemd-logind people is on
> that?

Added to CC:

Dear Steve and Sam as PAM maintainers,

I am wanting to add libpam-elogind support to lightdm-greeter. Currently
/etc/pam.d/lightdm-greeter hooks logind directly with

session optional pam_systemd.so

I have proposed two patches: either to add

session optional pam_elogind.so

or replace both with

@include common-session

Yves-Alexis is understandably cautious about changing the PAM configuration. Do
you have any thoughts, advice or comments on which might be the most appropriate?

Thanks

> It might be nice to have them chime in. Also not sure how this thing is
> handled on other DM, any idea?

A quick look shows most use '@include common-session'. AFAICS that is the case for

gdm3: /etc/pam.d/gdm-password
sddm: /etc/pam.d/sddm-greeter
xdm: /etc/pam.d/xdm
slim: /etc/pam.d/slim (although it doesn't use logind interfaces)

AFAICS lxdm doesn't use logind at all.

HTH.

Best wishes

Mark
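
The three greeter configurations compared in the message above (the direct pam_systemd.so hook, the added pam_elogind.so line, and @include common-session) can be told apart mechanically. The shell function below is an added example, not part of the thread or of lightdm; the sample file names and their contents are constructed, and it only follows `@include` and `session include`/`substack` lines.

```shell
#!/bin/sh
# Added example: list the logind PAM session modules a service stack loads.
# Module names are those quoted in the thread; everything else is constructed.

# logind_hooks DIR SERVICE -> e.g. "pam_systemd.so", "pam_elogind.so" or "none"
logind_hooks() {
    awk -v dir="$1" -v svc="$2" '
    function scan(name,    file, line, f, n, mod) {
        if (name in visited) return        # read each file once, stops include loops
        visited[name] = 1
        file = dir "/" name
        while ((getline line < file) > 0) {
            sub(/#.*/, "", line)           # a commented-out hook is inactive
            n = split(line, f, " ")
            if (n >= 2 && f[1] == "@include")
                scan(f[2])
            else if (n >= 3 && f[1] ~ /^-?session$/ && f[2] ~ /^(include|substack)$/)
                scan(f[3])
            else if (n >= 3 && f[1] ~ /^-?session$/ && match(line, /pam_(systemd|elogind)\.so/)) {
                mod = substr(line, RSTART, RLENGTH)
                if (!seen[mod]++) out = out (out ? " " : "") mod
            }
        }
        close(file)
    }
    BEGIN { scan(svc); print (out ? out : "none") }'
}

# Constructed stand-in for /etc/pam.d with the three variants from the thread.
make_sample_pamd() {
    d=$(mktemp -d)
    printf 'session required pam_unix.so\nsession optional pam_elogind.so\n' > "$d/common-session"
    printf 'session optional pam_systemd.so\n' > "$d/greeter-stock"
    printf '#session optional pam_systemd.so\nsession optional pam_elogind.so\n' > "$d/greeter-elogind"
    printf '@include common-session\n' > "$d/greeter-include"
    echo "$d"
}

d=$(make_sample_pamd)
for s in greeter-stock greeter-elogind greeter-include; do
    printf '%s: %s\n' "$s" "$(logind_hooks "$d" "$s")"
done
rm -r "$d"
```

Pointed at a real `/etc/pam.d` with service `lightdm-greeter`, the same function shows which logind implementation, if any, the greeter stack would register with.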

Yves-Alexis Perez

Oct 10, 2022, 10:00:03 AM
On Sun, 2022-10-09 at 13:22 +0100, Mark Hindley wrote:
> > It might be nice to have them chime in. Also not sure how this thing is
> > handled on other DM, any idea?
>
> A quick look shows most use '@include common-session'. AFAICS that is the
> case for
>
>  gdm3: /etc/pam.d/gdm-password
>  sddm: /etc/pam.d/sddm-greeter
>  xdm: /etc/pam.d/xdm
>  slim: /etc/pam.d/slim (although it doesn't use logind interfaces)
>
> AFAICS lxdm doesn't use logind at all.

Thanks. I seem to recall that our pam configuration comes from gdm3 but maybe
it evolved since then or maybe there's a discrepancy between the greeter and
the user configurations.

In any case, let's check what PAM people reply, but I think we might end up
with the @include common-session part (I'm unsure if the *greeter* should have
a common configuration but maybe it's ok).

Regards,
--
Yves-Alexis

Sam Hartman

Oct 11, 2022, 12:10:04 PM

Hi.

If including common-session will work, I think that's a good improvement
for everyone.
It is closer to best practice, and it means that as PAM profiles are
added over time, they will work for lightdm as well.

Whether that works depends on the architecture of the greeter.
If the greeter has one process that does the initial authentication and
then forks off an entire different set of processes not descended from
the greeter that run the session, then including common-session might
not work so well.

I'm kind of confused though because it looks like 1.26.0-8's sources
already include common-session in data/pam/lightdm.

Yves-Alexis Perez

Oct 11, 2022, 2:40:04 PM
On Tue, 2022-10-11 at 10:02 -0600, Sam Hartman wrote:
> If including common-session will work, I think that's a good improvement
> for everyone.
> It is closer to best practice, and it means that as PAM profiles are
> added over time, they will work for lightdm as well.

Ok, but...
>
> Whether that works depends on the architecture of the greeter.
> If the greeter has one process that does the initial authentication and
> then forks off an entire different set of processes not descended from
> the greeter that run the session, then including common-session might
> not work so well.

That's the case.
>
> I'm kind of confused though because it looks like  1.26.0-8's sources
> already include common-session in data/pam/lightdm.

Yes, because there are two PAM sessions:
- one for the greeter itself, running as the lightdm user
- one for the logged in user

The user session already includes common-session but the greeter itself uses a
more stripped PAM configuration since it's only used for the login screen. So
I'm unsure if an “interactive user” PAM session is really a good idea here.

Regards,
--
Yves-Alexis

Sam Hartman

Oct 11, 2022, 5:40:04 PM
>>>>> "Yves-Alexis" == Yves-Alexis Perez <cor...@debian.org> writes:


I think we want something there that allows people to get third-party
packages into the pam config.
If common-session isn't going to be good enough, then I guess we'd need
to create something on the PAM side.
But let's explore whether common-session is good enough, because it does
look like other display managers have similar architecture and manage to
use common-session.



Here are my thoughts on testing common-session in the greeter config:

* Take a look at how things appear in logind--does the greeter appear as
a session? If so does anything break because of that? (With Gnome,
the greeter does not appear to appear in loginctl list-sessions)

* What selinux context do things appear in. This only matters if
selinux is already in your testing structure

* Does the structure of keyrings look like you expect.

* Do you end up with a systemd for the greeter user (assuming you are
using systemd). If so, do you want one?

My suspicion is that since this appears to be working for other display
managers, it's all fine.
But those are the areas where trouble is most likely to show up.

Mark Hindley

Oct 16, 2022, 7:00:04 AM
Sam,

Thanks for this, very helpful.

I have again tested both approaches and they both work and I can find no
breakage.

On Tue, Oct 11, 2022 at 03:30:12PM -0600, Sam Hartman wrote:
> I think we want something there that allows people to get third-party
> packages into the pam config.
> If common-session isn't going to be good enough, then I guess we'd need
> to create something on the PAM side.
> But let's explore whether common-session is good enough, because it does
> look like other display managers have similar architecture and manage to
> use common-session.

Testing with @include common-session:

test@debian-sid:~$ ps -Alf|grep lightdm
4 S root 23261 1 0 80 0 - 58787 - 11:04 ? 00:00:00 /usr/sbin/lightdm
4 S root 23266 23261 2 80 0 - 80210 - 11:04 tty7 00:00:25 /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
4 S root 23327 23261 0 80 0 - 40649 - 11:05 ? 00:00:01 lightdm --session-child 15 26
0 S test 23435 23432 0 80 0 - 1627 - 11:18 pts/1 00:00:00 grep lightdm

> Here are my thoughts on testing common-session in the greeter config:
>
> * Take a look at how things appear in logind--does the greeter appear as
> a session? If so does anything break because of that? (With Gnome,
> the greeter does not appear to appear in loginctl list-sessions)

Neither for lightdm-greeter:

test@debian-sid:~$ loginctl list-sessions
SESSION UID USER SEAT TTY
1 1000 test seat0 tty1
7 1000 test seat0

2 sessions listed.

> * What selinux context do things appear in. This only matters if
> selinux is already in your testing structure

I am not sure I have quite understood this, which testing structure are you
referring to here? SElinux is not in /etc/pam.d/lightdm-greeter, only
/etc/pam.d/lightdm and /etc/pam.d/lightdm-autologin.

> * Does the structure of keyrings look like you expect.
>
> * Do you end up with a systemd for the greeter user (assuming you are
> using systemd). If so, do you want one?

No

test@debian-sid:~$ ps -Alf | grep systemd
4 S root 1 0 0 80 0 - 42151 - 09:19 ? 00:01:04 /lib/systemd/systemd --system --deserialize 37
4 S message+ 342 1 0 80 0 - 2309 - 09:19 ? 00:00:09 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
4 S root 345 1 0 80 0 - 3598 - 09:19 ? 00:00:05 /lib/systemd/systemd-logind
4 S test 437 1 0 80 0 - 3906 - 09:30 ? 00:00:08 /lib/systemd/systemd --user
4 S root 6919 1 0 80 0 - 12319 - 09:43 ? 00:00:16 /lib/systemd/systemd-journald
4 S systemd+ 11560 1 0 80 0 - 22504 - 10:05 ? 00:00:02 /lib/systemd/systemd-timesyncd
4 S root 11591 1 0 80 0 - 6236 - 10:05 ? 00:00:06 /lib/systemd/systemd-udevd
0 S test 23149 437 0 80 0 - 2278 - 10:54 ? 00:00:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
0 S test 23439 23432 0 80 0 - 1627 - 11:18 pts/1 00:00:00 grep systemd

> My suspicion is that since this appears to be working for other display
> managers, it's all fine.

It seems that way to me as well.

> But those are the areas where trouble is most likely to show up.

Thanks

Best wishes

Mark

Yves-Alexis Perez

Oct 22, 2022, 8:10:04 AM
On Sun, 2022-10-16 at 11:49 +0100, Mark Hindley wrote:
> > My suspicion is that since this appears to be working for other display
> > managers, it's all fine.
>
> It seems that way to me as well.

I'm not sure other display managers handle the greeters the same way (running
under their own uid and stuff like that), so I'm unsure if we can really
compare that.


But if it seems that there is no breakage (and hopefully no bad side effects
we don't see yet) I guess we'll be able to update the pam configuration to
use includes as well at some point.

Regards,
--
Yves-Alexis

Sam Hartman

Oct 24, 2022, 12:50:03 PM
>>>>> "Yves-Alexis" == Yves-Alexis Perez <cor...@debian.org> writes:

Yves-Alexis> I'm not sure other display managers handle the greeters
Yves-Alexis> the same way (running under their own uid and stuff
Yves-Alexis> like that), so I'm unsure if we can really compare
Yves-Alexis> that.

gdm does.

Mark Hindley

Jul 1, 2023, 6:40:05 AM
Yves-Alexis,

On Sat, Oct 22, 2022 at 01:59:33PM +0200, Yves-Alexis Perez wrote:
> But if it seems that there is no breakage (and hopefully no bad side effects
> we don't see yet) I guess we'll be able to update the pam configuration to
> use includes as well at some point.

A gentle reminder this is still unresolved. Early in the Trixie cycle seems a
good time to implement it and allow maximum time for testing and resolution of
any outstanding issues.

Many thanks.

Mark