Last bits in kde-workspace
Aleix Pol
aleixpol at kde.org
Wed Mar 19 01:33:51 UTC 2014
On Tue, Mar 18, 2014 at 7:19 PM, David Edmundson <david at davidedmundson.co.uk
> wrote:
> kgreetplugin is a QWidget based wrapper round kcheckpass and has a
> custom protocol to talk to it.
>
> As Martin G said, needing kchceckpass is a legacy, that isn't needed
> anymore. The pam_unix module now distributes it's own SUID binary for
> reading the password file which it invokes if it needs to, so a PAM
> user like the lockscreen doesn't need to worry about it.
>
> AFAIK QAuth was also planned to use a separate binary, but it at least
> won't be SUID.
> I think it was more for the purpose of dealing with copying
> environment variables, and it's a simple (but lazy) solution to PAMs
> blocking API. Martin B can correct me.
>
> QAuth is pretty good, last time I looked at the code (~1 month ago)
> it's pretty neat, and abstracts PAM to hopefully have a different
> backend in the future (I can hope. PAM sucks). I want to use it long
> term.
>
> The only thing I'm not sure about is timescales, anything that touches
> PAM causes the main distros to panic and do a full security audit
> (SuSE, Red Hat at least) which I've seen happen with LightDM.
>
> Summary:
> Aleix's idea of moving seems ideal, we might have to make a split
> version of kgreeterplugin that we can use for the lockscreen, and keep
> kcheckpass. Long term I don't want to though.
>
> David
> _______________________________________________
> Plasma-devel mailing list
> Plasma-devel at kde.org
> https://mail.kde.org/mailman/listinfo/plasma-devel
>
That's what I did, it's with the screenlocker now. I'll do the same with
libs/kdm.
Thank you david for your thorough explanation. :D
Aleix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20140319/bc404d32/attachment.html>
More information about the Plasma-devel
mailing list