On 29.02.2012 23:46, Steve Langasek wrote: > On Wed, Feb 29, 2012 at 11:25:42PM +0100, Michael Biebl wrote: > >> please consider enabling pam_loginuid by default. >> consolekit relies on that information to setup a correct >> login-session-id property and a correct context in case the X session is >> started via startx. > > DESCRIPTION > The pam_loginuid module sets the loginuid process attribute for the > process that was authenticated. This is necessary for applications to > be correctly audited. This PAM module should only be used for entry > point applications like: login, sshd, gdm, vsftpd, crond and atd. > > This appears to make it inappropriate to include by default via > libpam-runtime. Some of these services are interactive, some are > noninteractive; there are both interactive and noninteractive services that > don't count as initial login services.
Well, what is the problem of enabling pam_loginuid for non-entry-point-applications? Does this cause any unwanted side-effects? If so, which ones? I've been using this configuration without noticing any problem, so I'm curious. >> Note the broken login-session-id property. > >> If you want to use ConsoleKit via startx, setting up pam_loginuid is a >> prerequisite, otherwise the session won't be marked as active. >> For that it needs to be loaded *before* pam_ck_connector. [1] > > Why in the world does a login session ID have anything to do with a session > being "active"? That seems like a buggy definition to me. Sorry, I meant "local" here. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
