GDM: Access login credentials after login

elchupanebre · 10-24-2008, 03:20 AM

Hi,

I have to run a few commands after the user logged in. As I'm using GDM as login manager so there is /etc/gdm/PostLogin/Default script which is able to handle that.

Some of that commands need the users login name and password. Login name is not a problem as $LOGNAME contains that information, but is it possible to access the users password after he has logged in into GDM?

Thanks for your help
El

irishbitte · 10-24-2008, 04:34 PM

Can you explain a bit more why you need this info? Sounds like you want to keylog someones info, which is against the rules: http://www.linuxquestions.org/linux/rules.html

elchupanebre · 10-25-2008, 02:37 AM

Oh, yeah sure!

I manage our universities network and we plan to introduce 802.1x to authenticate the students using our network. 802.1x authentication works well using wpa_supplicant but gui support for wired connections is terrible. The solution has to be as easy as possible.

The idea is that /etc/gdm/PostLogin/Default starts wpa_supplicant and provides the users login credentials via wpa_cli.

Code:

### SETUP NETWORK INTERFACE
#
INTERFACE="eth0"
#
# prompt for users password field
#
if ! PASS=`zenity --entry --hide-text --text "To gain access to the network please enter the password for user \"$LOGNAME\" again:"`; then
  exit;
fi
#
# restart network interface
#
ifconfig $INTERFACE down
ifconfig $INTERFACE up
#
# start wpa_supplicant and provide users login credentials
#
wpa_supplicant -D wired -i $INTERFACE -c /etc/wpa_supplicant.conf -f /var/log/wpa_supplicant.log -B
wpa_cli identity network $LOGNAME
wpa_cli password network $PASS
#
sleep 3
#
# start DCHP request
#
dhclient $INTERFACE
#

It works quite well but it's ugly to prompt for the users password. It would be much smoother if I could grab it from GDM so the users won't recognize the authentication process.

irishbitte · 10-29-2008, 02:37 PM

Would you not store this information in the users keyring? That way, the wireless network can pull up info from keyring...

elchupanebre · 10-30-2008, 04:19 AM

Quote:

Originally Posted by irishbitte

Would you not store this information in the users keyring? That way, the wireless network can pull up info from keyring...

It's not about authenticating against a wireless network. It's about authenticating against a wired network.

How could I store the credentials in the users keyring? And how could I access them because wpa_supplicant has to run as root.

jschiwal · 10-30-2008, 04:53 AM

I'd recommend reading some howto's found with the google terms: 'robust secure network' linux ccmp

I hope you aren't using wpa_psk protocol. The password in that case would be the same for all of the students. The wpa_password isn't the
same as the password that is used for authentication into a host.

If these are fixed lab computers and not the students' own laptops, then I suppose you could have a 'secret' in a file if the
students don't have root access. But if this is the case, why don't the login credentials control who has access to the network?