Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
bayindirh 3 hours ago

I worked on both Linux login process, SDDM and LightDM in the past. The process is complex to put it mildly.

While PAM is a relatively straightforward system, interfacing with it and handling what it says is a bit backwards and complex (e.g.: Try to handle and relay LDAP password policy warnings to the user while in the login screen, and you'll have a fun time).

While I don't like systemd, I can understand why KDE devs want to integrate with it, esp. if doing so simplifies their life and reduces the number of edge cases.

Also, last but not the least, a KDE session is a complex beast. KDE overrides almost half of the environment it inherits to realize what the user has requested via System Settings (locales, esp.).

So this is why I don't condone, but understand what they did.

...and yes, as everyone said, KDE will work with any login manager.

busterarm 3 hours ago | parent [-]

PAM is indeed a minefield.

A while back I lost a system because I had it configured with full disk encryption and pam_usb for totp-enhanced logins. A bugged update that I applied via pacman broke PAM and I lost my ability to login. This would have been just annoying and not catastrophic had I not also had FDE and forgotten where I stored my LUKS key.

Lesson learned.

bayindirh 3 hours ago | parent [-]

> PAM is indeed a minefield.

I'd not label it such, but as "critical infrastructure". The problem in your case actually was not in PAM but in pacman. For example, apt and yum/dnf checks whether the checksum of the file being changed is different from the original (provided by the package). In standard configuration, apt asks what to do, dnf just puts the file with .rpmnew extension to prevent these kinds of problems.

pacman's "I don't care, this is the new file and I overwrite what I see" is very dangerous behavior.

sudahtigabulan 3 hours ago | parent | next [-]

Pacman does check for changes in configuration files, and adds .pacnew files instead of overwriting them:

https://wiki.archlinux.org/title/Pacman/Pacnew_and_Pacsave

busterarm an hour ago | parent | prev | next [-]

Even configuring PAM to get what I wanted to begin with was somewhat of an ordeal and took a few tries where I locked myself out of the system as I was building it before I eventually got it right.

Also my problem wasn't really pacman either. It was full disk encryption.

bayindirh an hour ago | parent [-]

Understanding how PAM works is a source of confusion, and the documentation is almost non-existent and tribal. That part is very true.

But, after understanding it once, I found the process very intuitive and logical, to be honest.

SSLy 3 hours ago | parent | prev [-]

pacman puts `.pacnew` files just like RPM does.