kcheckpass auth methods
Martin Gräßlin
mgraesslin at kde.org
Fri Feb 24 14:59:22 GMT 2017
Hi distributions,
I'm currently cleaning up the kcheckpass code (kscreenlocker repository)
and are wondering what is still needed.
We currently have code for the following auth backends:
* pam
* OSF/1 C2 security extension
* AIX
* /etc/shadow
* /etc/passwd
The default is pam, though it is compile time optional. If pam is
available, pam is used.
The next is the OSF thing which is ifdef with HAVE_OSF_C2_PASSWD - I
don't see that anywhere set, so might be dead code.
Next would be AIX bound to _AIX being defined. From quick google that
seems to be support for IBM AIX platform.
Next is /etc/shadow. That's actually compiled by default and is on Linux
the fallback in case of no PAM. And last but not least /etc/passwd which
is the absolute fallback. I assume it to be broken.
I would like to know if any distribution (including BSDs) is using
something different than PAM and if yes which one. For the linux
distributions I would like to know whether we can enforce PAM at compile
time in case we detect compilation on linux (I got too many bug reports
about not being able to unlock due to the optional dependency, hello
Gentoo users knowing how to set proper flags :-P ).
Also I would like to know whether your distribution (including BSDs)
still setuid kcheckpass. By default we do not setuid if we are compiling
with PAM support otherwise it's enabled. In the past we used to setuid
for all and distros forgot to set it and it worked nevertheless. So I'm
wondering whether it's needed at all.
Any platform which doesn't get claimed as used will be dropped from the
code by March 10th. If nobody claims to use setuid this will also be
removed at the same date.
Cheers
Martin
More information about the Distributions
mailing list