From: Terry Lambert
Message-Id: <199704241659.JAA01478@phaeton.artisoft.com>
Subject: Re: Best way to hook into user logins / logouts ?
To: davidn@unique.usn.blaze.net.au (David Nugent)
Date: Thu, 24 Apr 1997 09:59:11 -0700 (MST)
Cc: abelits@phobos.illtel.denver.co.us, adrian@staff.psinet.net.au, freebsd-hackers@FreeBSD.ORG
In-Reply-To: <199704240551.PAA26327@unique.usn.blaze.net.au> from "David Nugent" at Apr 24, 97 03:51:44 pm

> > ...and this is exactly what I mean by "broken" -- starting xterm isn't
> > exactly "login".
>
> Oh, well then I guess it depends on your definition. :) It *is* in
> fact a session, even in the truest technical sense. But even under
> your more strict definition of "login", then you'd miss a lot of
> real "logins" if you didn't account for them, for example, if an
> xterm was started from remote by:
>
>     rsh exec env DISPLAY=$HOSTDISPLAY xterm &

What? No. A session is an authentication instance; xdm is a session
manager.

"Regular" logins don't make a distinction between "session" and
"process group leader", and are essentially tty bound because of this.

If xterms were sessions rather than separate process group leaders
under a single "session", then you would be required to resupply your
credentials when you started them.

Yes, this is all pretty kludged, and the setsid()/setpgid()/tcsetpgrp()
crap is all pretty kludged when it comes to the idea of "session".

It's a shame, because the concept of "session" and the idea that
multiple sessions reference the same credential instance instead of
referring to identical (but separate) credential instances is *truly*
useful for things like SMBFS, ATPFS, NCPFS, and other PC networking
style authentication models applying to UNIX credentials on a per
credential (user) basis.

It's also useful for tty unbinding, to allow a process group leader to
be attached/detached to/from other ttys while leaving the underlying
session intact.

You can do that if you define a session as a process group leader
attached to a controlling tty (which is the purpose of tcsetpgrp()
et al.).

Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
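
Added example, not part of the original message: a small C program that shows the kernel-level difference between the two calls named above, a child that becomes a process group leader with setpgid() versus one that calls setsid(). The struct and function names (ids, probe, pgrp_leader_keeps_session, setsid_leaves_session) are hypothetical and chosen for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child reports about itself after the call under test. */
struct ids { pid_t pid, pgid, sid; int rc; };

/* Fork a child, have it call setsid() or setpgid(0, 0), read back its ids. */
static int probe(int new_session, struct ids *out)
{
    int fd[2];
    if (pipe(fd) < 0) return -1;
    pid_t c = fork();
    if (c < 0) return -1;
    if (c == 0) {
        struct ids me;
        me.rc = new_session ? (setsid() < 0 ? -1 : 0) : setpgid(0, 0);
        me.pid = getpid(); me.pgid = getpgid(0); me.sid = getsid(0);
        _exit(write(fd[1], &me, sizeof me) == (ssize_t)sizeof me ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, sizeof *out);
    close(fd[0]);
    waitpid(c, NULL, 0);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* 1 if a child that makes itself a process group leader stays in our session. */
int pgrp_leader_keeps_session(void)
{
    struct ids k;
    if (probe(0, &k) != 0 || k.rc != 0) return -1;
    return k.pgid == k.pid && k.sid == getsid(0);
}

/* 1 if setsid() makes the child leader of a new session and process group. */
int setsid_leaves_session(void)
{
    struct ids k;
    if (probe(1, &k) != 0 || k.rc != 0) return -1;
    return k.sid == k.pid && k.pgid == k.pid && k.sid != getsid(0);
}

int main(void)
{
    printf("setpgid(0,0): same session = %d\n", pgrp_leader_keeps_session());
    printf("setsid():     new session  = %d\n", setsid_leaves_session());
    return 0;
}
```

For accounting or auditing code that hooks logins, the session id from getsid() is the value that groups every process group started under one login; the process group id changes with each job.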