Bugzilla – Bug 192400
gdm does not use xdm pam service
Last modified: 2008-06-25 09:23:09 UTC
gdm contains copies of the xdm and xdm-np pam config files as gdm and gdm-autologin. Since xdm, wdm and kdm all use the xdm service gdm should do so as well.
Stanislav, is there a historical reason for this?
It was created in past and never revised to the new style. We can keep gdm* PAM files and include xdm there or change code to use xdm. The first can have reason, if we will want to do something gdm specific (differences password dialogs, maybe pam-keyring,...).
Would you prefer /etc/pam.d/gdm which includes xdm or code change to use /etc/pam.d/xdm. Note that there does not exist corresponding xdm-autologin. Related: bug 186189
I don't mind. The autologin xdm config is called xdm-np and is only used by kdm I think so if you are worried about the name it could easily be changed.
/etc/pam.d/xdm-np is part of kdebase3-kdm. It has to be moved e. g. to xorg-x11 to be usable for gdm.
Reassigning to X maintainer. If /etc/pam.d/xdm-np (or xdm-autologin or any other file of this meaning) will be packaged as part of X or any other package installed by default in the graphical environment, please reassign it back. gdm cannot depend of kdebase3-kdm and cannot install file, which conflicts with /etc/pam.d/xdm-np.
I'm not aware of any xdm-autologin file. I can take over xdm-np if this is ok with the kdebase3-kdm maintainer.
I guess that xdm-np is an be equivalent of gdm-autologin. If it is true, "-np" looks more ugly than "-autologin", which is self descriptive. It's your decision, how to name this file.
Ok, I see.
Still no information by kde-maintainers@suse.de. Therefore reassigning.
kdm hardcodes %s-np and I don't want to differ from upstream in that regard.
I've now added xdm-np to xorg-x11 package. Coolo, please remove it from kdebaes3-kdm. Stanislav, please remove xdm-autologin from gdm package and make use of xdm-np. Reassigning to Coolo. Please reassign to Stanislav after changing kdebase3-kdm accordingly.
Note about gdm.autologin: There may be required also SuSEconfig change, because SuSEconfig.gdm edits gdm-autologin to enable/disable passwordless login. We will probably postpone gdm change to use xdm-np to 10.3. But it should not affect current package change of xdm-np file.
Ok with me. There's no SuSEconfig.xdm any more.
What use does autologin with required password have? anyway, in the light of "no more suseconfig" it sounds more useful to have two pam services and switch gdm depending on the value in sysconfig
It saves typing of username and brings some level of security, e. g. for notebooks. Additionally, paswordless autologin cannot work with crypted or protected remote filesystems and also cannot unlock gnome-keyring. Even in autologin mode, gdm displays any PAM requests, if there are any.
done for kdm
Stanislav, gdm still includes xdm-autologin (see comment #12).
No. It uses gdm-autologin. To support password protected autologin, I need to edit it. So I see following two chances: 1. Keep gdm resp. gdm-autologin and include xdm resp. xdm-np from there. 2. Remove gdm and gdm-autologin and change SuSEconfig.gdm to modify xdm-np. If we will use 2., it will require to test, whether it will not break kdm. If we will use 1., I have to check, whether it is technically possible to include xdm-np and require password in gdm, if it is configured so.
Ok. I would prefer 1. - if technically possible.
Egbert, JFYI. Since Matthias or me is in Cc of this bugreport or the reported itself, it might be interesting for you as well.
JFYI, Matthias. This is a bugreport, which is assigned to Egbert/me or with Egbert/me in CC or reported by Egbert/me.
Still not done for 10.3. gdm needs to play with PAM configuration for password less login. Is DISPLAYMANAGER_PASSWORD_LESS_LOGIN implemented in the same way in kdm? If yes, we can do it just now (and do a change in SuSEconfig.gdm). If no, we can't do it because gdm could require different configuration.
NO, it does not. See also #307566
Then we cannot fix it yet, unless these two issues will get a solution: - Password less login needs pam_permit in gdm, but not in xdm. If pam_permit (and no pam login dialog) causes no problems for other display managers, then we probably can do this change depending on sysconfig values. - Wee need a solution for pam-keyring (bug 186189).
huh? why do you edit the pam config file? gdm switches between 'gdm' and 'gdm-autologin' all by itself based on the config setting "daemon/AutomaticLoginEnable". So if AutomaticLoginEnable=false then gdm-autologin isn't used at all, no need to edit it.
I am switching to provide password-less login, not autologin. In gdm terms, these are different things: autologin provides automatic login of selected users: implemented by switching betweek gdm/gdm-autologin password less login provides standard user prompt, but not asks for password: implemented by modification of /etc/pam.d/gdm
mass reopening all 10.2 LATER+REMIND bugs.
close all 10.2 LATER/REMIND bugs as WONTFIX. Reopen yourself if you still plan to work on it.