[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] for all you systemd haters...

On Fri, Feb 16, 2018 at 12:41:15PM -0800, Alex Carver via Ale wrote:
> What exactly is logind supposed to handle?  I've already searched
> multiple times and most sites regurgitate the manual without really
> discussing what it's supposed to be doing and how it's different or
> better than other implementations.  I've not come across anything that
> explains it well.

Logind manages user sessions. It ensues that when a user logs out all of 
their detritus is cleaned up properly, or that if you switch to a 
different user then appropriate permissions are set up and revoked -- 
this can even extends to stuff like network authentication, which may 
require per-user authentiction.

It also (for all practical purposes) made multi-seat Linux systems 
feasible; that is a single box with different users simultaneously 
logged in using different sets of displays/keyboards/etc.  Granted, 
other things like rootless X (via KMS) were also necessary, but logind 
tied it all together and finally made it work.

> I ask in all seriousness because the few things I've been able to find
> are worded in ways suggesting that logind has abilities that have never
> existed before.  For example, one site says that logind provides the
> ability to track user logins but that was already possible for both
> individual machines and for central authentication (Kerberos and more
> recently Active Directory).  Again, in context (with paragraphs before
> and after) it extends the claim of an ability to "this has not been
> possible before" (paraphrased).

logind is not "tracking" logins so much as ensuring that everything a 
user gets up to is properly lumped in together so that when they log out 
you don't end up with stray processes or permissions out of whack. 

AD and Kerberos are both much lower-level mechanisms that are orthogonal 
to logind.  Kerberos can easily be the authentication mechanism, while 
AD might only care that a given user is logged into on machine X for 
accounting purposes (eg there may be a security policy to prevent a user 
from being logged into more than one machine at a time.  logind only 
knows or otherwise cares about the local system)

 - Solomon
Solomon Peachy			       pizza at shaftnet dot org
Coconut Creek, FL                          ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20180216/a200d076/attachment.sig>