Hi muradm, muradm <m...@muradm.net> writes:
[...] >> Could you look into adding "regular" login PAM support instead of a >> bypass disabled by default? The user should still be prompted for >> its >> password, and it should go through the PAM auth module. >> >> I'm not very PAM-aware, but I believe there are examples spread in >> the >> code base. > > This patch provides necessary configuration for proper PAM support. > I decided to take screen-locker-service-type's configuration as > basis, since it is was most simpliest and adequate enough for this > case. > This patch does not disables, baypasses or cheats PAM in any way. > User may navigate to CUPS portal. In the event of administrative > actions taken by user, CUPS portal asks user to authenticate. > With this configuration, it will attempt to authenticate as local > system user. In the event of proper system user/password supplied > and positively authenticated against PAM using "cups" service name, > user allowed to take administrative action. In the event of invalid > system user/password supplied, CUPS portal will keep looping > begging for password (just as in your original case). If user decides > to Cancel the authentication dialog, CUPS portal is navigated to > Unauthorized access informing page. > > Why would I submit something that it is not working? I didn't mean to imply that it didn't work; I just thought that it was somehow bypassing PAM (and the original problem it caused in the first place). As I wrote earlier, I know next to nothing about PAM, and misread your patch. I've now installed the change. Thanks for the fix, and thanks to Ricardo for the reminder. -- Maxim
