gdm and pam_group problem
Haven't found a solution in any searches I've done thus far, so here's
my problem:
Given:
- 1 workstation running gdm 2.2.5.5-2 (and pam 0.72-35), offering
XDMCP access to selected other X Terminals, and also allowing gdm
logins on the local console.
- 1 remote X Terminal (soon to be several) which connects to the above
workstation via XDMCP.
The problem is that I'd like for users logging in locally via gdm to
be added to the various audio, floppy, etc. groups so that they have
access to the normal sound and removable media devices on the
workstation. However, I'd like for users logging in remotely via gdm
(the X Terminal users) to *not* get any special access to the
hardware.
Here's my line from /etc/security/group.conf:
gdm; :*; *; Al0000-2400; audio,floppy,video,cdrom
I have verified that a remote login gets tty set to 'remoteterm:0',
for example, and a local login gets tty set to ':0'. I'd have thought
that the ':*' would match ':0', but not 'remoteterm:0', but it
apparently matches both according to the pam debug log.
Any ideas, including a more appropriate list to ask these questions?
If at all possible, I'd really rather not install xdm for remote
logins, and gdm for local.
--
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: