Warning, /plasma/kscreenlocker/README.pam is written in an unsupported language. File is not indexed. 

0001 kscreenlocker can be configured to support the PAM ("Pluggable Authentication 
0002 Modules") system for password checking (for unlocking the display).
0003 
0004 PAM is a flexible application-transparent configurable user-authentication 
0005 system found on FreeBSD, Solaris, and Linux (and maybe other unixes).
0006 
0007 Information about PAM may be found on its homepage
0008       http://www.kernel.org/pub/linux/libs/pam/
0009 (Despite the location, this information is NOT Linux-specific.)
0010 
0011 
0012 Known Solaris Issues:
0013 --------------------
0014 
0015 For compiling PAM support on Solaris, PAM_MESSAGE_CONST must NOT
0016 be defined. This should now be handled automatically by the
0017 configure script.
0018 
0019 
0020 Using PAM
0021 ---------
0022 
0023 By default, PAM is automatically used, if it is found.
0024 
0025 If PAM is found, KDE usually uses the PAM service "kde". You may
0026 override it for all KDE programs by using -DKDE4_COMMON_PAM_SERVICE=<service> and/or
0027 individually by using -DKSCREENSAVER_PAM_SERVICE=<service>.
0028 This was because other programs used to use PAM as well, like kdm.
0029 
0030 "make install" will attempt to create suitable service definitions; either
0031 by putting files into /etc/pam.d/ or by adding text to /etc/pam.conf. The
0032 services are just copies of the "login" service. 
0033 You may want to edit these definitions to meet your needs.
0034 There are also two example service definitions in this directory -
0035 kde.pamd and kscreensaver.pamd - but don't just copy them!
0036 If the services are misconfigured, you will NOT be able to login via KDM
0037 and/or unlock a locked screen!
0038 
0039 If there is ever any doubt about which PAM service a program was
0040 compiled with, it can be determined by examining the PAM-generated 
0041 entries in the system log associated with kdm logins or kscreensaver
0042 authentication failures.
0043 
0044 
0045 PAM configuration files have four types of entries for each service:
0046 
0047 type            used by kdm             used by kscreensaver
0048 ----            -----------             --------------------
0049 auth                x                           x
0050 account             x                           
0051 password            x                           
0052 session             x
0053 
0054 There may be more than one entry of each type. Check existing PAM
0055 configuration files and PAM documentation on your system for guidance as
0056 to what entries to make.  If you call a PAM service that is not
0057 configured, the default action of PAM is likely to be denial of service.
0058 
0059 Note: kdm implements PAM "session" support, which is not implemented in
0060 certain PAM-aware xdm's that it may be replacing (e.g., the Red Hat 
0061 Linux 5.x xdm did not implement it).  This may be configured to carry out 
0062 actions when a user opens or closes an kdm session, if a suitable PAM 
0063 module is available (e.g., mount and unmount user-specific filesystems).
0064 
0065 Note 2: Screensavers typically only authenticate a user to allow her to
0066 continue working. They may also renew tokens etc., where supported.
0067 See the Linux PAM Administrators guide, which is part of the PAM
0068 distribution, for more details. 
0069 
0070