(I posted this to debian-security earlier today, but debian-user might
be a better place for it. Please CC: me on replies.)

Haven't found a solution in any searches I've done thus far, so here's
my problem:

Given:

- 1 workstation running gdm 2.2.5.5-2 (and pam 0.72-35), offering
  XDMCP access to selected other X Terminals, and also allowing gdm
  logins on the local console.

- 1 remote X Terminal (soon to be several) which connects to the above
  workstation via XDMCP.

The problem is that I'd like for users logging in locally via gdm to
be added to the various audio, floppy, etc. groups so that they have
access to the normal sound and removable media devices on the
workstation. However, I'd like for users logging in remotely via gdm
(the X Terminal users) to *not* get any special access to the
hardware.

Here's my line from /etc/security/group.conf:

  gdm; :*; *; Al0000-2400; audio,floppy,video,cdrom

I have verified that a remote login gets tty set to 'remoteterm:0',
for example, and a local login gets tty set to ':0'. I'd have thought
that the ':*' would match ':0', but not 'remoteterm:0', but it
apparently matches both according to the pam debug log.

If at all possible, I'd really rather not install xdm for remote
logins, and gdm for local.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]


-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to