Skip to content

Library and components for secure lock screen architecture.

License

Notifications You must be signed in to change notification settings

MarkoShiva/kscreenlocker

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

kscreenlocker can be configured to support the PAM ("Pluggable Authentication 
Modules") system for password checking (for unlocking the display).

PAM is a flexible application-transparent configurable user-authentication 
system found on FreeBSD, Solaris, and Linux (and maybe other unixes).

Information about PAM may be found on its homepage
      http://www.kernel.org/pub/linux/libs/pam/
(Despite the location, this information is NOT Linux-specific.)


Known Solaris Issues:
--------------------

For compiling PAM support on Solaris, PAM_MESSAGE_CONST must NOT
be defined. This should now be handled automatically by the
configure script.


Using PAM
---------

By default, PAM is automatically used, if it is found.

If PAM is found, KDE usually uses the PAM service "kde". You may
override it for all KDE programs by using -DKDE4_COMMON_PAM_SERVICE=<service> and/or
individually by using -DKSCREENSAVER_PAM_SERVICE=<service>.
This was because other programs used to use PAM as well, like kdm.

"make install" will attempt to create suitable service definitions; either
by putting files into /etc/pam.d/ or by adding text to /etc/pam.conf. The
services are just copies of the "login" service. 
You may want to edit these definitions to meet your needs.
There are also two example service definitions in this directory -
kde.pamd and kscreensaver.pamd - but don't just copy them!
If the services are misconfigured, you will NOT be able to login via KDM
and/or unlock a locked screen!

If there is ever any doubt about which PAM service a program was
compiled with, it can be determined by examining the PAM-generated 
entries in the system log associated with kdm logins or kscreensaver
authentication failures.


PAM configuration files have four types of entries for each service:

type		used by kdm		used by kscreensaver
----		-----------		--------------------
auth		    x				x
account		    x				
password	    x				
session		    x

There may be more than one entry of each type. Check existing PAM
configuration files and PAM documentation on your system for guidance as
to what entries to make.  If you call a PAM service that is not
configured, the default action of PAM is likely to be denial of service.

Note: kdm implements PAM "session" support, which is not implemented in
certain PAM-aware xdm's that it may be replacing (e.g., the Red Hat 
Linux 5.x xdm did not implement it).  This may be configured to carry out 
actions when a user opens or closes an kdm session, if a suitable PAM 
module is available (e.g., mount and unmount user-specific filesystems).

Note 2: Screensavers typically only authenticate a user to allow her to
continue working. They may also renew tokens etc., where supported.
See the Linux PAM Administrators guide, which is part of the PAM
distribution, for more details. 


About

Library and components for secure lock screen architecture.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C++ 76.2%
  • CMake 9.0%
  • C 8.2%
  • QML 6.3%
  • Other 0.3%