[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modul
|
From: |
Andy Wingo |
|
Subject: |
Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules |
|
Date: |
Wed, 26 Aug 2015 09:21:07 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
On Tue 25 Aug 2015 23:39, address@hidden (Ludovic Courtès) writes:
> Andy Wingo <address@hidden> skribis:
>
>> On Tue 25 Aug 2015 16:55, address@hidden (Ludovic Courtès) writes:
>>
>>> (operating-system
>>> ;; ...
>>> (pam-services (map (lambda (service)
>>> (pam-service
>>> (inherit service)
>>> (session (cons ...))))
>>> (base-pam-services))))
>>>
>> How would that work for other services like slim, mingetty, etc?
>
> Oh, it wouldn’t.
>
> Just to help me understand, could you explain the typical use case you
> have in mind?
Sure. So right now on a Guix system you have /etc/pam.d, and it
contains configurations for all services that interact with PAM.
Notably there is "login", for console login, but also slim and lsh.
Elogind wants to know about all user sessions so it should add a
"session required /path/to/pam_elogind.so" line to all files in
/etc/pam.d. This causes login and logout to signal elogind.
That's how I ended up adding #:additional-session-modules to all the
other services: mingetty, slim, lsh.
I don't know what the right design is. I think ideally anything that
would log in would include some central file rather than having to
repeat the rules everywhere.
Andy
[PATCH v2 4/7] gnu: polkit: Use elogind for seat management., Andy Wingo, 2015/08/20