kgreetplugin is a QWidget based wrapper round kcheckpass and has a custom protocol to talk to it.
As Martin G said, needing kchceckpass is a legacy, that isn't needed anymore. The pam_unix module now distributes it's own SUID binary for reading the password file which it invokes if it needs to, so a PAM user like the lockscreen doesn't need to worry about it. AFAIK QAuth was also planned to use a separate binary, but it at least won't be SUID. I think it was more for the purpose of dealing with copying environment variables, and it's a simple (but lazy) solution to PAMs blocking API. Martin B can correct me. QAuth is pretty good, last time I looked at the code (~1 month ago) it's pretty neat, and abstracts PAM to hopefully have a different backend in the future (I can hope. PAM sucks). I want to use it long term. The only thing I'm not sure about is timescales, anything that touches PAM causes the main distros to panic and do a full security audit (SuSE, Red Hat at least) which I've seen happen with LightDM. Summary: Aleix's idea of moving seems ideal, we might have to make a split version of kgreeterplugin that we can use for the lockscreen, and keep kcheckpass. Long term I don't want to though. David _______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
