Bug#661745: Please enable pam_loginuid by default

Wed, 29 Feb 2012 14:27:18 -0800 

Package: libpam-runtime
Version: 1.1.3-7
Severity: wishlist

Hi,

please consider enabling pam_loginuid by default.
consolekit relies on that information to setup a correct
login-session-id property and a correct context in case the X session is
started via startx.

With pam_loginuid:
Session1:
        unix-user = '0'
        realname = 'root'
        seat = 'Seat1'
        session-type = ''
        active = FALSE
        x11-display = ''
        x11-display-device = ''
        display-device = '/dev/tty1'
        remote-host-name = ''
        is-local = TRUE
        on-since = '2012-02-29T22:18:56.526879Z'
        login-session-id = '2'
Session2:
        unix-user = '1000'
        realname = 'Michael Biebl'
        seat = 'Seat1'
        session-type = 'x11'
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty8'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2012-02-29T22:10:53.291835Z'
        login-session-id = '1'


Without pam_loginuid:
Session1:
        unix-user = '0'
        realname = 'root'
        seat = 'Seat1'
        session-type = ''
        active = FALSE
        x11-display = ''
        x11-display-device = ''
        display-device = '/dev/tty1'
        remote-host-name = ''
        is-local = TRUE
        on-since = '2012-02-29T22:18:56.526879Z'
        login-session-id = '4294967295'
Session2:
        unix-user = '1000'
        realname = 'Michael Biebl'
        seat = 'Seat1'
        session-type = 'x11'
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty8'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2012-02-29T22:10:53.291835Z'
        login-session-id = '4294967295'



Note the broken login-session-id property.

If you want to use ConsoleKit via startx, setting up pam_loginuid is a
prerequisite, otherwise the session won't be marked as active.
For that it needs to be loaded *before* pam_ck_connector. [1]

I think a "session required        pam_loginuid.so" line in
common-session, directly after pam_permit and the Additional block,
would be a suitable place.

Cheers,
Michael

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597937




-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-runtime depends on:
ii  debconf         1.5.41
ii  libpam-modules  1.1.3-7

libpam-runtime recommends no packages.

libpam-runtime suggests no packages.

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to