Bug#1077676: pcscd: unprivileged users not authorised to access OpenPGP smart cards
Gian Piero Carrubba
debian-bts at rm-rf.it
Thu Aug 1 13:08:24 BST 2024
* [Thu, Aug 01, 2024 at 12:10:38PM GMT] Thorsten Glaser:
>>On Thu, Aug 01, 2024 at 09:02:07AM +0200, Gian Piero Carrubba wrote:
>
>>> The problem is registering an xdm-initiated session with elogind.
>>> /etc/pam.d/xdm includes /etc/pam.d/common-session that calls
>>> libpam-elogind, so in this sense xdm uses elogind.
>
>That’s… very convoluted and doubly indirected, and xdm does not
>itself provide /etc/pam.d/common-session, so I’d categorically
>refute this statement (not that that’s grounds to not try and
>fix this, but I want to make this point clear first.
I'm not sure if I hadn't explained myself well enough (likely) or if I
haven't understood what you're contesting.
/etc/pam.d/xdm is provided by the xdm package and includes
/etc/pam.d/common-session.
/etc/pam.d/common-session is provided by the libpam-runtime package
(Priority: required).
The elogind package recommends (I concede it doesn't depend on, if
that's the objection) the libpam-elogind package that in its postinst
modifies /etc/pam.d/common-session.
So, if you install xdm and elogind (and libpam-runtime, but I don't
think it's possible to install Debian without pam anymore) by default
you'll have a session registered in elogind when logging in via xdm (or
at least that's the intention). Well, you don't even need to explicitly
install elogind, you just need, e.g., polkitd that depends on a logind
and choose libpam-elogind (that depends on elogind) instead of
libpam-systemd.
Ciao,
Gian Piero.
More information about the Debian-init-diversity
mailing list