[385] in athena10
Re: Larvnet design discussion
daemon@ATHENA.MIT.EDU (Timothy G Abbott)
Tue Aug 5 16:54:12 2008
Date: Tue, 5 Aug 2008 16:52:59 -0400 (EDT)
From: Timothy G Abbott <tabbott@MIT.EDU>
To: Greg Hudson <ghudson@mit.edu>
cc: athena10@mit.edu
In-Reply-To: <1217969107.12433.117.camel@error-messages.mit.edu>
Message-ID: <alpine.DEB.1.10.0808051649260.21810@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
On Tue, 5 Aug 2008, Greg Hudson wrote:
> On Tue, 2008-08-05 at 16:03 -0400, Timothy G Abbott wrote:
>>> Conveniently, debathena-pam-config doesn't touch /etc/pam.d/gdm, which
>>> is the file we want to modify for Larvnet integration. (Larvnet only
>>> monitors graphical logins, not remote logins or text console logins.)
>>
>> It does (to add pam_access.so).
>
> Oh, I missed that. That couldn't have gone into common-account?
Putting it in common-account would cause pam_access.so checks to affect
all system users as well, so the system users wouldn't be able to "log in"
when you try to restrict login access to e.g. tabbott and root. I don't
recall precisely what set of things change user to system users via PAM,
but that's why we do it this way.
-Tim Abbott
