don't use the paths but let pam find modules itself

Wed Aug 06 17:40:27 2003  George Lebl <jirka@5z.com>

	* gdmsetup-pam: don't use the paths but let pam find modules itself

	* gui/gdmlogin.c, gui/greeter/greeter_item_ulist.c: limit number of
	  users at 100 (rather then 50) where it really becomes bad.  We need
	  to handle this in a nicer way.

	* daemon/xdmcp.c: make the globsessid default to rand() so that they
	  really differ from run to run, rather then just time(NULL).  check
	  tcp wrappers for managed_forward and got_managed_forward (just to
	  be anal), also check tcp wrappers on forward query, the Alive packet
	  now gets sent with real info rather then just whatever keepalive
	  sent us (and thus follows the spec).  Make sure the session id is
	  never zero as that can happen now.  Send at most one unwilling packet
	  per second, and try to defer doing any actual work until after
	  we checked with tcp wrappers.  Also add some more potential
	  debugging.

	* daemon/verify-pam.c: translate the lowercase "username:" and
	  "password:", some modules seem to be using those.

	* daemon/xdmcp.c, gui/gdmchooser.c: if the condition is not new
	  data to be read, don't try to run XdmcpFill

	* docs/C/gdm.xml: more notes on security of XDMCP and using
	  MIT-MAGIC-COOKIE-1 added, plus a section on the TCP Wrappers,
	  though it kind of sucks.

1 files changed, 5 insertions, 5 deletions

diff --git a/gdmsetup-pam b/gdmsetup-pam
index 44b01cfc..ecb84946 100644
--- a/gdmsetup-pam
+++ b/gdmsetup-pam
@@ -1,6 +1,6 @@
 #%PAM-1.0
-auth       sufficient   /lib/security/pam_rootok.so
-auth       required     /lib/security/pam_stack.so service=system-auth
-session    required     /lib/security/pam_permit.so
-session    optional     /lib/security/pam_xauth.so
-account    required     /lib/security/pam_permit.so
+auth       sufficient   pam_rootok.so
+auth       required     pam_stack.so service=system-auth
+session    required     pam_permit.so
+session    optional     pam_xauth.so
+account    required     pam_permit.so