GitHub - KDE/kscreenlocker: Library and components for secure lock screen architecture

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 1,363 Commits
LICENSES		LICENSES
autotests		autotests
cmake		cmake
dbus		dbus
greeter		greeter
kcm		kcm
po		po
protocols		protocols
settings		settings
tests		tests
.git-blame-ignore-revs		.git-blame-ignore-revs
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.kde-ci.yml		.kde-ci.yml
CMakeLists.txt		CMakeLists.txt
COPYING		COPYING
ConfigureChecks.cmake		ConfigureChecks.cmake
DESIGN		DESIGN
KScreenLockerConfig.cmake.in		KScreenLockerConfig.cmake.in
Messages.sh		Messages.sh
README.pam		README.pam
ScreenSaverDBusInterfaceConfig.cmake.in		ScreenSaverDBusInterfaceConfig.cmake.in
abstractlocker.cpp		abstractlocker.cpp
abstractlocker.h		abstractlocker.h
ck-unlock-session.cmake		ck-unlock-session.cmake
config-kscreenlocker.h.cmake		config-kscreenlocker.h.cmake
config-unix.h.cmake		config-unix.h.cmake
globalaccel.cpp		globalaccel.cpp
globalaccel.h		globalaccel.h
interface.cpp		interface.cpp
interface.h		interface.h
kscreenlocker.notifyrc		kscreenlocker.notifyrc
ksldapp.cpp		ksldapp.cpp
ksldapp.h		ksldapp.h
logind.cpp		logind.cpp
logind.h		logind.h
logo.png		logo.png
powermanagement_inhibition.cpp		powermanagement_inhibition.cpp
powermanagement_inhibition.h		powermanagement_inhibition.h
waylandlocker.cpp		waylandlocker.cpp
waylandlocker.h		waylandlocker.h
waylandserver.cpp		waylandserver.cpp
waylandserver.h		waylandserver.h
x11info.h		x11info.h
x11locker.cpp		x11locker.cpp
x11locker.h		x11locker.h

Repository files navigation

KScrenLocker and PAM
--------------------

KScreenLocker can be configured to support the PAM ("Pluggable Authentication
Modules") system for password checking (for unlocking the display).

PAM is a flexible application-transparent configurable user-authentication 
system found on FreeBSD, Solaris, and Linux (and maybe other unixes).

Information about PAM may be found on its homepage
      http://www.kernel.org/pub/linux/libs/pam/
(Despite the location, this information is NOT Linux-specific.)


Known Solaris Issues:
--------------------

For compiling PAM support on Solaris, PAM_MESSAGE_CONST must NOT
be defined. This should now be handled automatically by the
configure script.


Using PAM
---------

By default, PAM is automatically used, if it is found.

If PAM is found, Plasma by default uses the PAM service "kde". You may
override it for KScreenLocker by using -DKSCREENLOCKER_PAM_SERVICE=<service>.

A valid PAM service definition must be specified, either by installing
files into /etc/pam.d/ or by adding service configuration to /etc/pam.conf.

Either a valid "kde" service must be installed (or copied from the "login"
service), or an alternative service must be specified using one of the
definitions above.  If the service is misconfigured, you will NOT be able
to unlock a locked screen!

If there is ever any doubt about which PAM service a program was
compiled with, it can be determined by examining the PAM-generated 
entries in the system log associated with KScreenLocker authentication
failures.

PAM configuration files have four types of entries for each service,
however KScreenLocker only uses the "auth" entries.  Other programs
using PAM may use other entries.

There may be more than one entry of each type. Check existing PAM
configuration files and PAM documentation on your system for guidance as
to what entries to make.  If you call a PAM service that is not
configured, the default action of PAM is likely to be denial of service.

Note: Screen lockers typically only authenticate a user to allow her to
continue working. They may also renew tokens etc., where supported.
See the Linux PAM Administrators guide, which is part of the PAM
distribution, for more details.

License

KDE/kscreenlocker

Folders and files

Latest commit

History

Repository files navigation

About

Resources

License

Stars

Watchers

Forks

Sponsor this project

Languages