I started working on a solution to restrict remote xwindows connections based upon group membership this morning and finally thought of a very simple solution (I decided to standardize our servers on using kdm instead of gdm, not related to this solution though). The solution I came up with to restrict kdm logins was to add the following line in /etc/pam.d/kdm: auth required /lib/security/$ISA/pam_succeed_if.so quiet user ingroup group1 I thought others may find this helpful. Aaron -----Original Message----- From: Aaron Bliss [mailto:abliss@xxxxxxxxxxxxx] Sent: Friday, February 29, 2008 8:59 AM To: General Red Hat Linux discussion list Subject: Re: question on x windows I have this working. Turned out to be bad gdm custom.conf file. Everything seems to be working fine now. Is there a way to require a user be in a certain group in order to connect to gdm or xwindows? In sshd_conf, there is a AllowGroups option. Is there any simular way to restirct access for gdm? Thanks. Aaron Aaron Bliss wrote: > Hi everyone, > I'm very close to having this working properly. Here's what's > installed. GDM and kde, gnome is not installed. Here is what I'm > seeing. GDM is listening and accepting connections properly. > 1. After logging into a session via x windows, if a user right clicks > the desktop and selects loggoff, kde attempts to start another > re-spawn a new display on DISPLAY 0, which of course would only work > if the user was actually logged in at the console. If the user just > ends the x session (closes the client window on their computer, > everything works and closes fine). Is there away to remove the > loggoff option from kde? > 2. When a user connects to gdm (they haven't logged in yet, they are > sitting at the login prompt) and clicks the session button and chooses > a session that is not their default session, the desktop and kde load > fine. If the user does not click the session button, then kde never > loads and all they get is a black screen, no errors or anything. > Please advise as to how I can work around these 2 bugs. If there > isn't an easy workaround, I would like to possibly try kdm. Is there > a way to stop gdm and start kdm without restarting the box? Thanks. > > Aaron -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
