On Tue, Mar 18, 2014 at 7:19 PM, David Edmundson <da...@davidedmundson.co.uk > wrote:
> kgreetplugin is a QWidget based wrapper round kcheckpass and has a > custom protocol to talk to it. > > As Martin G said, needing kchceckpass is a legacy, that isn't needed > anymore. The pam_unix module now distributes it's own SUID binary for > reading the password file which it invokes if it needs to, so a PAM > user like the lockscreen doesn't need to worry about it. > > AFAIK QAuth was also planned to use a separate binary, but it at least > won't be SUID. > I think it was more for the purpose of dealing with copying > environment variables, and it's a simple (but lazy) solution to PAMs > blocking API. Martin B can correct me. > > QAuth is pretty good, last time I looked at the code (~1 month ago) > it's pretty neat, and abstracts PAM to hopefully have a different > backend in the future (I can hope. PAM sucks). I want to use it long > term. > > The only thing I'm not sure about is timescales, anything that touches > PAM causes the main distros to panic and do a full security audit > (SuSE, Red Hat at least) which I've seen happen with LightDM. > > Summary: > Aleix's idea of moving seems ideal, we might have to make a split > version of kgreeterplugin that we can use for the lockscreen, and keep > kcheckpass. Long term I don't want to though. > > David > _______________________________________________ > Plasma-devel mailing list > Plasma-devel@kde.org > https://mail.kde.org/mailman/listinfo/plasma-devel > That's what I did, it's with the screenlocker now. I'll do the same with libs/kdm. Thank you david for your thorough explanation. :D Aleix
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
