Hi, > how do you intend to support getty logins, i.e. non-graphical > text-based only logins, where you cannot just open a webbrowser? oidc > device flow? Exactly. > That's tough. PAM has a lot on implicit and explicit state attached to > the PAM handle... And you can have PAM conversations and so on > (i.e. prompting arbitrary questions) which makes PAM compat really > really messy... I know. But that's an issue of PAM, not of talking to a Varlink API. Talking to a remote API will IMHO improve this a lot for my use case – imagine spawning a sandboxed webbrowser in a display manager from the single-threaded non-reentry-safe context of a PAM conversation. Asking an external daemon to handle that and jsut keep polling it for a result seems much more reasonable. -nik
Attachment:
signature.asc
Description: PGP signature
