generic: preparations to ditch KDM

Signed-off-by: Ivailo Monev <xakepa10@gmail.com>

ConfigureChecks.cmake

@@ -12,19 +12,8 @@ include(CheckSymbolExists)
 include(CheckLibraryExists)
 
 if (PAM_FOUND)
-    set(KDE4_COMMON_PAM_SERVICE "kde" CACHE STRING "The PAM service to use unless overridden for a particular app.")
-
-    macro(define_pam_service APP)
-        string(TOUPPER ${APP}_PAM_SERVICE var)
-        set(cvar KDE4_${var})
-        set(${cvar} "${KDE4_COMMON_PAM_SERVICE}" CACHE STRING "The PAM service for ${APP}.")
-        mark_as_advanced(${cvar})
-        set(${var} "\"${${cvar}}\"")
-    endmacro(define_pam_service)
-
-    define_pam_service(KDM)
-    define_pam_service(kscreensaver)
-
+    set(KDE4_PAM_SERVICE "kde" CACHE STRING "The PAM service")
+    mark_as_advanced(KDE4_PAM_SERVICE)
 endif (PAM_FOUND)
 
 find_program(some_x_program NAMES iceauth xrdb xterm)

README.pam

@@ -1,6 +1,6 @@
 KDE can be configured to support the PAM ("Pluggable Authentication 
-Modules") system for password checking by the display manager kdm and 
-by the screen saver kscreensaver (for unlocking the display).
+Modules") system for password checking by the screen saver kscreensaver (for
+unlocking the display).
 
 PAM is a flexible application-transparent configurable user-authentication 
 system found on FreeBSD, Solaris, and Linux (and maybe other unixes).
@@ -15,7 +15,7 @@ Known Solaris Issues:
 
 For compiling PAM support on Solaris, PAM_MESSAGE_CONST must NOT
 be defined. This should now be handled automatically by the
-configure script.
+build system.
 
 
 Using PAM
@@ -25,16 +25,13 @@ By default, PAM is automatically used, if it is found. Use
 -DWITH_PAM=FALSE to disable it.
 
 If PAM is found, KDE usually uses the PAM service "kde". You may
-override it for all KDE programs by using -DKDE4_COMMON_PAM_SERVICE=<service>
-and/or individually by using -D<prog>_PAM_SERVICE=<service>, where <prog> is
-one of KDM and kscreensaver (both use kcheckpass).
+override it for all KDE programs by using -DKDE4_PAM_SERVICE=<service>.
 
-Two files are provided but not installed - kde.pamd and kscreensaver.pamd.
-The usual location to put these files is /etc/pam.d/. You may want to edit
-the definitions in them to meet your needs, on BSD host for example you may
-have to substitue "pam_unix.so" with "pam_bsdauth.so". If the services are
-misconfigured, you will NOT be able to login via KDM and/or unlock a locked
-screen!
+One file is provided but not installed - kde.pamd. The usual location to put
+that file is /etc/pam.d/. You may want to edit the definitions in them to meet
+your needs, on BSD host for example you may have to substitue "pam_unix.so"
+with "pam_bsdauth.so". If the services are misconfigured, you will NOT be able
+to unlock a locked screen!
 
 To verify the configuration you can invoke kcheckpass directly and examine
 its exit status. If it is not 0 when correct password is entered (if
@@ -44,30 +41,24 @@ Authorization failure reason should be logged to /var/log/auth.log.
 
 If there is ever any doubt about which PAM service a program was
 compiled with, it can be determined by examining the PAM-generated 
-entries in the system log associated with kdm logins or kscreensaver
+entries in the system log associated with kcheckpass for
 authentication failures.
 
 PAM configuration files have four types of entries for each service:
 
-type		used by kdm		used by kscreensaver
-----		-----------		--------------------
-auth		    x				x
-account		    x				
-password	    x				
-session		    x
+type            used by kcheckpass
+----            ------------------
+auth             x
+account          x
+password         x
+session          x
 
 There may be more than one entry of each type. Check existing PAM
 configuration files and PAM documentation on your system for guidance as
 to what entries to make.  If you call a PAM service that is not
 configured, the default action of PAM is likely to be denial of service.
 
-Note: kdm implements PAM "session" support, which is not implemented in
-certain PAM-aware xdm's that it may be replacing (e.g., the Red Hat 
-Linux 5.x xdm did not implement it).  This may be configured to carry out
-actions when a user opens or closes an kdm session, if a suitable PAM 
-module is available (e.g., mount and unmount user-specific filesystems).
-
-Note 2: Screensavers typically only authenticate a user to allow him/her
+Note: Screensavers typically only authenticate a user to allow him/her
 to continue working. They may also renew tokens etc., where supported.
 See the Linux PAM Administrators guide, which is part of the PAM
 distribution, for more details. 

config-unix.h.cmake

@@ -4,11 +4,8 @@
 /* Define if your PAM expects a conversation function with const pam_message (Solaris) */
 #cmakedefine PAM_MESSAGE_CONST 1
 
-/* The PAM service to be used by kdm */
-#cmakedefine KDM_PAM_SERVICE ${KDM_PAM_SERVICE}
-
-/* The PAM service to be used by kscreensaver */
-#cmakedefine KSCREENSAVER_PAM_SERVICE ${KSCREENSAVER_PAM_SERVICE}
+/* The PAM service to be used by kcheckpass */
+#cmakedefine KDE4_PAM_SERVICE "${KDE4_PAM_SERVICE}"
 
 /* Defines if your system has the getspnam function */
 #cmakedefine HAVE_GETSPNAM 1

kcheckpass/kcheckpass.c

@@ -314,7 +314,7 @@ int
 main(int argc, char **argv)
 {
 #if defined(HAVE_PAM)
-    const char *caller = KSCREENSAVER_PAM_SERVICE;
+    const char *caller = KDE4_PAM_SERVICE;
 #endif
     const char *username = 0;
 #ifdef ACCEPT_ENV

kdm/README

@@ -9,8 +9,7 @@ Semi-official home page: http://developer.kde.org/~ossi/sw/kdm.html
 cmake options that affect KDM
 -----------------------------
 
--DKDE4_COMMON_PAM_SERVICE:STRING=service
--DKDE4_KDM_PAM_SERVICE:STRING=service
+-DKDE4_PAM_SERVICE:STRING=service
   Set the PAM service used by all of kdebase resp. specifically by KDM.
   Whether PAM should be used in the first place is auto-detected.
 

kdm/config.def

@@ -781,7 +781,7 @@ Description:
 Key: PAMService
 If: defined(USE_PAM)
 Type: string
-Default: KDM_PAM_SERVICE
+Default: KDE4_PAM_SERVICE
 User: core
 Instance: -
 Comment: -

kscreensaver.pamd

@@ -1,2 +0,0 @@
-#%PAM-1.0
-auth       required     pam_unix.so shadow nullok