TDE base libraries and programs
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

README.pam 2.9 KiB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. KDE can be configured to support the PAM ("Pluggable Authentication
  2. Modules") system for password checking by the display manager tdm and
  3. by the screen saver tdescreensaver (for unlocking the display).
  4. PAM is a flexible application-transparent configurable user-authentication
  5. system found on FreeBSD, Solaris, and Linux (and maybe other unixes).
  6. Information about PAM may be found on its homepage
  7. http://www.kernel.org/pub/linux/libs/pam/
  8. (Despite the location, this information is NOT Linux-specific.)
  9. Known Solaris Issues:
  10. --------------------
  11. For compiling PAM support on Solaris, PAM_MESSAGE_NONCONST must
  12. be defined. This should now be handled automatically by the
  13. configure script.
  14. Using PAM
  15. ---------
  16. By default, PAM is automatically used, if it is found. Use
  17. ./configure --without-pam to disable it.
  18. If PAM is found, KDE usually uses the PAM service "kde". You may
  19. override it for all KDE programs by using --with-pam=<service> and/or
  20. individually by using --with-<prog>-pam=<service>, where <prog> is
  21. one of tdm, kcp and kss (for tdm, kcheckpass and tdescreensaver).
  22. "make install" will attempt to create suitable service definitions; either
  23. by putting files into /etc/pam.d/ or by adding text to /etc/pam.conf. The
  24. services are just copies of the "login" service.
  25. You may want to edit these definitions to meet your needs.
  26. There are also two example service definitions in this directory -
  27. kde.pamd and tdescreensaver.pamd - but don't just copy them!
  28. If the services are misconfigured, you will NOT be able to login via TDM
  29. and/or unlock a locked screen!
  30. If there is ever any doubt about which PAM service a program was
  31. compiled with, it can be determined by examining the PAM-generated
  32. entries in the system log associated with tdm logins or tdescreensaver
  33. authentication failures.
  34. PAM configuration files have four types of entries for each service:
  35. type used by tdm used by tdescreensaver
  36. ---- ----------- --------------------
  37. auth x x
  38. account x
  39. password x
  40. session x
  41. There may be more than one entry of each type. Check existing PAM
  42. configuration files and PAM documentation on your system for guidance as
  43. to what entries to make. If you call a PAM service that is not
  44. configured, the default action of PAM is likely to be denial of service.
  45. Note: tdm implements PAM "session" support, which is not implemented in
  46. certain PAM-aware xdm's that it may be replacing (e.g., the Red Hat
  47. Linux 5.x xdm did not implement it). This may be configured to carry out
  48. actions when a user opens or closes an tdm session, if a suitable PAM
  49. module is available (e.g., mount and unmount user-specific filesystems).
  50. Note 2: Screensavers typically only authenticate a user to allow her to
  51. continue working. They may also renew tokens etc., where supported.
  52. See the Linux PAM Administrators guide, which is part of the PAM
  53. distribution, for more details.