<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Mar 18, 2014 at 7:19 PM, David Edmundson <span dir="ltr"><<a href="mailto:david@davidedmundson.co.uk" target="_blank">david@davidedmundson.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">kgreetplugin is a QWidget based wrapper round kcheckpass and has a<br>
custom protocol to talk to it.<br>
<br>
As Martin G said, needing kchceckpass is a legacy, that isn't needed<br>
anymore. The pam_unix module now distributes it's own SUID binary for<br>
reading the password file which it invokes if it needs to, so a PAM<br>
user like the lockscreen doesn't need to worry about it.<br>
<br>
AFAIK QAuth was also planned to use a separate binary, but it at least<br>
won't be SUID.<br>
I think it was more for the purpose of dealing with copying<br>
environment variables, and it's a simple (but lazy) solution to PAMs<br>
blocking API. Martin B can correct me.<br>
<br>
QAuth is pretty good, last time I looked at the code (~1 month ago)<br>
it's pretty neat, and abstracts PAM to hopefully have a different<br>
backend in the future (I can hope. PAM sucks). I want to use it long<br>
term.<br>
<br>
The only thing I'm not sure about is timescales, anything that touches<br>
PAM causes the main distros to panic and do a full security audit<br>
(SuSE, Red Hat at least) which I've seen happen with LightDM.<br>
<br>
Summary:<br>
Aleix's idea of moving seems ideal, we might have to make a split<br>
version of kgreeterplugin that we can use for the lockscreen, and keep<br>
kcheckpass. Long term I don't want to though.<br>
<span><font color="#888888"><br>
David<br>
</font></span><div><div>_______________________________________________<br>
Plasma-devel mailing list<br>
<a href="mailto:Plasma-devel@kde.org" target="_blank">Plasma-devel@kde.org</a><br>
<a href="https://mail.kde.org/mailman/listinfo/plasma-devel" target="_blank">https://mail.kde.org/mailman/listinfo/plasma-devel</a><br>
</div></div></blockquote></div><br></div><div class="gmail_extra">That's what I did, it's with the screenlocker now. I'll do the same with libs/kdm.</div><div class="gmail_extra"><br></div><div class="gmail_extra">
Thank you david for your thorough explanation. :D</div><div class="gmail_extra"><br></div><div class="gmail_extra">Aleix</div></div>