Date: Thu, 24 Apr 1997 09:59:11 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: davidn@unique.usn.blaze.net.au (David Nugent) Cc: abelits@phobos.illtel.denver.co.us, adrian@staff.psinet.net.au, freebsd-hackers@FreeBSD.ORG Subject: Re: Best way to hook into user logins / logouts ? Message-ID: <199704241659.JAA01478@phaeton.artisoft.com> In-Reply-To: <199704240551.PAA26327@unique.usn.blaze.net.au> from "David Nugent" at Apr 24, 97 03:51:44 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > ...and this is exactly what I mean by "broken" -- starting xterm isn't > > exactly "login". > > Oh, well then I guess it depends on your definition. :) It *is* in > fact a session, even in the truest technical sense. But even under > your more strict definition of "login", then you'd miss a lot of > real "logins" if you didn't account form them, for example, if an > xterm was started from remote by: > > rsh <yourhost> exec env DISPLAY=$HOSTDISPLAY xterm & What? No. A session is an authentication instance; xdm is a session manager. "Regular" logins don't make a distinction between "session" and "process group leader", and are essentially tty bound because of this. If xterm's were sessions rather than seperate process group leaders under a single "session", then you would be required to resupply your credentials when you started them. Yes, this is all pretty kludged, and the setsid()/setpgid()/tcsetpgrp() crap is all pretty kludged when it comes to the idea of "session". It's a shame, because the concept of "session" and the idea that multiple session reference the same credential instance instead of referring to identical (but seperate) credential instances is *truly* useful for things like SMBFS, ATPFS, NCPFS, and other PC networking style authentication models applying to UNIX cerdentials on a per credential (user) basis. It's also useful for tty unbinding, to allow a process group leader to be attached/detached to/from other tty's while leaving the underlying session intact. You can do that if you define a session as a process group leader attached to a controlling tty (which is the purpose of tcsetpgrp() et al.). Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704241659.JAA01478>