SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Now, an actual problem: I can log into the lightdm/KDE desktop with Domain credentials just fine, and can use the Settings > Account Details > Change Password, to change the domain password. Works great.
Not working: I "locked" the screen, got a dialog asking for password to unlock it. Nothing I typed in worked. That module is apparently not pamified. Is something specific to KDE (which, I supposed is not build with PAM)? Is there a fix?
The man page for that says, "dm-tool is a tool to communicate with the LightDM display manager ... lock Lock the current seat. This will switch to a greeter with a hint that the screen is locked. You can return to this session by authenticating in the greeter."
The problem here is a) the screen is already locked, the trick is to get it unlocked; and b) I believe this "session has been locked" window is put up by KDE, not lightDM (lightDM is PAMified).
I can think of 2 approaches: 1) PAMify KDE. 2) find the module that does the "session had been locked" dialog and replace that with e.g. a YAD script that uses samba-tool to authenticate. The latter is essentially what Roland Penny did for Ubuntu domain password changing. I'll investigate this approach since it seems simpler (to me) than PAMifying KDE -- provided the locking dialog is isolated in some easily replaced module.
Ah! Excellent! I've been searching and posting messages looking for the location of that kscreenlocker_greet module. Thanks (another) million. I'll play with that as soon as I get back in front of my test computer.
In anticipation ...
the manpage for `dm-tool lock` says, "Lock the current seat. This will switch to a greeter with a hint that the screen is locked. You can return to this session by authenticating in the greeter."
I'll check what you've posted and see if it's there, but I'll need to modify the module that does the authenticating.
Some progress ... I created the script /usr/lib64/kde4/libexec/kscreenlocker_greet
Code:
#!/bin/bash
yad --title="testing" --text="Enter something:" --entry --button "myButton"
exit 0
which does put up that dialog on the screen when Launcher > Leave > Lock, is clicked. So far so good. That means that /usr/lib64/kde4/libexec/kscreenlocker_greet is, in fact, the module run when doing the 'screen lock' bit.
However, I can enter nothing into the input field, nor can I click on the button. I can move the cursor all over, but neither keyboard nor mouse buttons are operational. These things do work if I run the yad manually in a Konsole window logged into KDE as the domain user.
If I replace the yad command with `sleep 20`. The keyboard and mouse keys are hung for 20 seconds, but I still can move the cursor all over.
So, any ideas how I can give control to the yad program for keyboard/mouse input in this case?
yad has a parameter "--parent-win=XID" which is described as, "Specify a parent window for the dialog. This makes YAD possible to use as embedded GUI tool." Might be worth experimenting to see if my yad dialog gets the focus.
On second thought, the symptoms you describe with your yad script may be because the screen is locked so you cannot type or click or do anything else in the yad dialog while the screen is locked ...
Catch 22.
There are some links out on google concerning unlocking a KDE session remotely.
But that would require that you unlock the screen before invoking the yad dialog ( ? does not sound secure ? ) and then it would still leave the task of Authenticating an AD User's Password after they type 'something' into the yad or KDialog Box ...
Another Catch 22 ...
All the hits for 'check password from command line' that I found on google involved re-hashing whatever password the user entered and then comparing the computed hash to the record in /etc/shadow.
No joy since AD users are not in /etc/shadow.
Maybe ivandi's PAM-enabled light-dm-greeter could be used ? ... I dunno ...
You might be able to do something clever and SECURE with ivandi's sudo ( which is PAM-enabled ) ? ... I dunno that either ...
But I wonder if after all is said and done, the only proper solution will be to rebuild KDE with Pat's KDE SlackBuild Scripts on a PAM-enabled system ( see http://www.linuxquestions.org/questi...8/#post5612717 ) ?
A document is opened in LibreOffice. The document is in a shared folder Share.
CL2 (SlackMATE)
User: Administrator
The user is connected to the shared folder on CL1 and tries to open the same document.
As you can see the user is warned that the document is already locked.
SLACK (PAMified Slackware running KDE and LibreOffice from Alien Bob)
User: Administrator
The user is connected to the shared folder on CL1 and tries to open the same document.
As you can see the user receives a copy (2013_0_test.odt) of the file without any warning that the same document is already locked/edited.
Ivandi - SlackMATE might very well work better, but my project involve migrating (actually, coaxing) people away from Windows to something more secure. KDE was chosen because it can be made to look virtually identical to Windows 7 -- the idea is the inflict the least apparent change as possible on humans reluctant to change.
kjhambrick: I got YAD from the Slackbuilds repo, but as you concluded, the keyboard is locked before YAD runs, so that approach isn't going to work.
I was not able to get Ivandi's suggestion working to replace the standard kscreenlocker_greet with a same-named script having `exec dm-tool lock`. It does appear that the lightdm-gtk-greeter runs, but I can't see it on my desktop -- possibly it is running in the "background"?
My current solution is posted in the thread http://www.linuxquestions.org/questi...ml#post5613045, wherein I replace the kcheckpass program with a script to snag the entered password, then do AD Authentication via ntlm_auth.
A document is opened in LibreOffice. The document is in a shared folder Share.
CL2 (SlackMATE)
User: Administrator
The user is connected to the shared folder on CL1 and tries to open the same document.
As you can see the user is warned that the document is already locked.
SLACK (PAMified Slackware running KDE and LibreOffice from Alien Bob)
User: Administrator
The user is connected to the shared folder on CL1 and tries to open the same document.
As you can see the user receives a copy (2013_0_test.odt) of the file without any warning that the same document is already locked/edited.
Cheers
Thanks ivandi.
I've done some tests on my main, non-PAM-enabled laptop ( Slackware64-14.2 + Multilib ) and I see somewhat odd behaviour with Alien Bob's LibreOffice there as well.
1. open two terminals ( aka konsoles ), both logged in as me ( konrad ).
2. start libreoffice --writer in terminal 1 on 'any writer file'
3. start libreoffice --writer in terminal 2 on the same writer file.
I instantly lose the first session and the second session takes over without warning that the file is already open.
I need to test further ( different users, etc ) but IMO, this is very odd ???
KDE was chosen because it can be made to look virtually identical to Windows 7 -- the idea is the inflict the least apparent change as possible on humans reluctant to change.
I see.
Well, I think it will be easier to recompile kde-workspace. Lets try something like this:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.