[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Differentiating remote and local logins with gdm and pam_group



Haven't found a solution in any searches I've done thus far, so here's
my problem:

Given:

- 1 Debian 3.0 workstation running gdm 2.2.5.5-2 (and pam 0.72-35),
  offering XDMCP access to selected other X Terminals, and also
  allowing gdm logins on the local console.

- 1 remote X Terminal (soon to be several) which connects to the above
  workstation via XDMCP.

The problem is that I'd like for users logging in locally via gdm to
be added to the various audio, floppy, etc. groups so that they have
access to the normal sound and removable media devices on the
workstation. However, I'd like for users logging in remotely via gdm
(the X Terminal users) to *not* get any special access to the
hardware.

Here's my line from /etc/security/group.conf:

  gdm; :*; *; Al0000-2400; audio,floppy,video,cdrom

I have verified that a remote login gets tty set to 'remoteterm:0',
for example, and a local login gets tty set to ':0'. I'd have thought
that the ':*' would match ':0', but not 'remoteterm:0', but it
apparently matches both according to the pam debug log.

If at all possible, I'd really rather not install xdm for remote
logins, and gdm for local.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []