question on x windows

Aaron Bliss abliss at brockport.edu
Thu Feb 5 16:52:00 UTC 2009 

I started working on a solution to restrict remote xwindows connections
based upon group membership this morning and finally thought of a very
simple solution (I decided to standardize our servers on using kdm instead
of gdm, not related to this solution though).  The solution I came up with
to restrict kdm logins was to add the following line in /etc/pam.d/kdm:
auth       required     /lib/security/$ISA/pam_succeed_if.so quiet user
ingroup group1

I thought others may find this helpful.

Aaron

-----Original Message-----
From: Aaron Bliss [mailto:abliss at brockport.edu] 
Sent: Friday, February 29, 2008 8:59 AM
To: General Red Hat Linux discussion list
Subject: Re: question on x windows

I have this working.  Turned out to be bad gdm custom.conf file.  
Everything seems to be working fine now.  Is there a way to require a 
user be in a certain group in order to connect to gdm or xwindows?  In 
sshd_conf, there is a AllowGroups option.  Is there any simular way to 
restirct access for gdm?  Thanks.

Aaron

Aaron Bliss wrote:
> Hi everyone,
> I'm very close to having this working properly.  Here's what's 
> installed.  GDM and kde, gnome is not installed.  Here is what I'm 
> seeing.  GDM is listening and accepting connections properly.
> 1. After logging into a session via x windows, if a user right clicks 
> the desktop and selects loggoff, kde attempts to start another 
> re-spawn a new display on DISPLAY 0, which of course would only work 
> if the user was actually logged in at the console.  If the user just 
> ends the x session (closes the client window on their computer, 
> everything works and closes fine).  Is there away to remove the 
> loggoff option from kde?
> 2. When a user connects to gdm (they haven't logged in yet, they are 
> sitting at the login prompt) and clicks the session button and chooses 
> a session that is not their default session, the desktop and kde load 
> fine.  If the user does not click the session button, then kde never 
> loads and all they get is a black screen, no errors or anything.
> Please advise as to how I can work around these 2 bugs.  If there 
> isn't an easy workaround, I would like to possibly try kdm.  Is there 
> a way to stop gdm and start kdm without restarting the box?  Thanks.
>
> Aaron

More information about the redhat-list mailing list