Warning, /plasma/kscreenlocker/README.pam is written in an unsupported language. File is not indexed.
0001 kscreenlocker can be configured to support the PAM ("Pluggable Authentication 0002 Modules") system for password checking (for unlocking the display). 0003 0004 PAM is a flexible application-transparent configurable user-authentication 0005 system found on FreeBSD, Solaris, and Linux (and maybe other unixes). 0006 0007 Information about PAM may be found on its homepage 0008 http://www.kernel.org/pub/linux/libs/pam/ 0009 (Despite the location, this information is NOT Linux-specific.) 0010 0011 0012 Known Solaris Issues: 0013 -------------------- 0014 0015 For compiling PAM support on Solaris, PAM_MESSAGE_CONST must NOT 0016 be defined. This should now be handled automatically by the 0017 configure script. 0018 0019 0020 Using PAM 0021 --------- 0022 0023 By default, PAM is automatically used, if it is found. 0024 0025 If PAM is found, KDE usually uses the PAM service "kde". You may 0026 override it for all KDE programs by using -DKDE4_COMMON_PAM_SERVICE=<service> and/or 0027 individually by using -DKSCREENSAVER_PAM_SERVICE=<service>. 0028 This was because other programs used to use PAM as well, like kdm. 0029 0030 "make install" will attempt to create suitable service definitions; either 0031 by putting files into /etc/pam.d/ or by adding text to /etc/pam.conf. The 0032 services are just copies of the "login" service. 0033 You may want to edit these definitions to meet your needs. 0034 There are also two example service definitions in this directory - 0035 kde.pamd and kscreensaver.pamd - but don't just copy them! 0036 If the services are misconfigured, you will NOT be able to login via KDM 0037 and/or unlock a locked screen! 0038 0039 If there is ever any doubt about which PAM service a program was 0040 compiled with, it can be determined by examining the PAM-generated 0041 entries in the system log associated with kdm logins or kscreensaver 0042 authentication failures. 0043 0044 0045 PAM configuration files have four types of entries for each service: 0046 0047 type used by kdm used by kscreensaver 0048 ---- ----------- -------------------- 0049 auth x x 0050 account x 0051 password x 0052 session x 0053 0054 There may be more than one entry of each type. Check existing PAM 0055 configuration files and PAM documentation on your system for guidance as 0056 to what entries to make. If you call a PAM service that is not 0057 configured, the default action of PAM is likely to be denial of service. 0058 0059 Note: kdm implements PAM "session" support, which is not implemented in 0060 certain PAM-aware xdm's that it may be replacing (e.g., the Red Hat 0061 Linux 5.x xdm did not implement it). This may be configured to carry out 0062 actions when a user opens or closes an kdm session, if a suitable PAM 0063 module is available (e.g., mount and unmount user-specific filesystems). 0064 0065 Note 2: Screensavers typically only authenticate a user to allow her to 0066 continue working. They may also renew tokens etc., where supported. 0067 See the Linux PAM Administrators guide, which is part of the PAM 0068 distribution, for more details. 0069 0070