~kennylevinsen/greetd-devel

1

Clarifications about changes in 0.10.0

Details
Message ID
<87y18tcpl7.fsf@city17.xyz>
DKIM signature
pass
Download raw message
Hi,

I'm using greetd and uigreet, I /think/ version 0.9.0 but I can't check the version number.

I'm reading the changelog attached to the tag 0.10.0, I need some info before upgrading to be sure I don't cut myself out of Sway at the next login :-)

> greetd now supports the `/usr/lib/pam.d` service folder, and using a
> different PAM service file for greeter and user sessions. If a service
> file named "greetd-greeter" is present, this will be used for the
> greeter session, while "greetd" is used for the user session.

What is the advantage of having these two new files? What does "using a different PAM service file for greeter and user sessions" actually entails?

What should be the content of the files "greetd-greeter" and "greetd"? Is "greetd" here the binary I compile and now have in /usr/local/bin?

> The service file can also be configured in the general, default_session and initial_session sections through the "service" setting.

The "service" setting of which file? Maybe `/etc/systemd/system/greetd.service`? I see a "default_session" in `/etc/greetd/config.toml`, unsure if related.

I'm confused because I don't have a mental model of how greetd, PAM and the Wayland login works. Thanks if you can provide some hand-in-hand guidance to this upgrade.

I'll probably have more questions :)
Details
Message ID
<2d072fb7-450e-448f-8fe1-eb6149c20a87@kl.wtf>
In-Reply-To
<87y18tcpl7.fsf@city17.xyz> (view parent)
DKIM signature
pass
Download raw message
On 5/1/24 8:57 PM, jman wrote:
> What is the advantage of having these two new files? What does "using a
> different PAM service file for greeter and user sessions" actually
> entails?
>
> What should be the content of the files "greetd-greeter" and "greetd"?
> Is "greetd" here the binary I compile and now have in /usr/local/bin?

/etc/pam.d/greetd is the PAM configuration file describing how greetd 
should authenticate users and check if the accounts are ok for login. If 
you did not have one previously, just copy /etc/pam.d/login, as 
mentioned in the changelog.

There is no reason to use a separate config for the greeter if you do 
not have a specific need for it.

> The service file can also be configured in the general, default_session and initial_session sections through the "service" setting.

There is only one greetd configuration file, /etc/greetd/config.toml. 
See `man 1 greetd` and `man 5 greetd` (although I see we missed the 
manpage update for the service field). Again, the default is fine and 
there is no reason to set this unless you have a specific need for it.

> I'm confused because I don't have a mental model of how greetd, PAM and the Wayland login works. Thanks if you can provide some hand-in-hand guidance to this upgrade.

greetd uses PAM to figure out if you are allowed to run stuff as the 
user you claim to be, and to see if the account is locked and stuff. 
PAM, based on which modules are configured in the PAM configuration 
file, tells us what questions to ask if any (like "Password: ", "OTP 
code: ", "Favorite pizza: "), and when PAM says A-OK, greetd runs the 
command you asked for as your user. If PAM says no, we say no.

"Wayland login" is just "run command that just so happened to be a 
Wayland server/desktop environment as your user". It's no really no 
different than logging on to a kernel console and running the command 
yourself.
Reply to thread Export thread (mbox)