[ale] for all you systemd haters...
On Fri, Feb 16, 2018 at 12:41:15PM -0800, Alex Carver via Ale wrote:
> What exactly is logind supposed to handle? I've already searched
> multiple times and most sites regurgitate the manual without really
> discussing what it's supposed to be doing and how it's different or
> better than other implementations. I've not come across anything that
> explains it well.
Logind manages user sessions. It ensures that when a user logs out all of
their detritus is cleaned up properly, or that if you switch to a
different user then appropriate permissions are set up and revoked --
this can even extend to stuff like network authentication, which may
require per-user authentication.
It also (for all practical purposes) made multi-seat Linux systems
feasible; that is a single box with different users simultaneously
logged in using different sets of displays/keyboards/etc. Granted,
other things like rootless X (via KMS) were also necessary, but logind
tied it all together and finally made it work.
> I ask in all seriousness because the few things I've been able to find
> are worded in ways suggesting that logind has abilities that have never
> existed before. For example, one site says that logind provides the
> ability to track user logins but that was already possible for both
> individual machines and for central authentication (Kerberos and more
> recently Active Directory). Again, in context (with paragraphs before
> and after) it extends the claim of an ability to "this has not been
> possible before" (paraphrased).
logind is not "tracking" logins so much as ensuring that everything a
user gets up to is properly lumped in together so that when they log out
you don't end up with stray processes or permissions out of whack.
AD and Kerberos are both much lower-level mechanisms that are orthogonal
to logind. Kerberos can easily be the authentication mechanism, while
AD might only care that a given user is logged into machine X for
accounting purposes (e.g. there may be a security policy to prevent a user
from being logged into more than one machine at a time. logind only
knows or otherwise cares about the local system)
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.