VirtualBox

Changeset 38483 in vbox


Ignore:
Timestamp:
Aug 17, 2011 9:18:57 AM (13 years ago)
Author:
vboxsync
Message:

pam_vbox: Documentation.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/doc/manual/en_US/user_AdvancedTopics.xml

    r37963 r38483  
    331331      will then be recorded using syslog.</para>
    332332
    333       <para><warning>
    334           <para>At present, the GDM display manager only retrieves credentials
    335           at startup so unless the credentials have been supplied to the guest
    336           before GDM starts, automatic logon will not work. This limitation
    337           needs to be addressed by the GDM developers or another display
    338           manager must be used.</para>
    339         </warning></para>
     333      <para><note>
     334          <para>By default, pam_vbox will not wait for credentials to arrive from
     335          the host, in other words: When a login prompt is shown (for example by
     336          GDM/KDM or the text console) and pam_vbox does not yet have credentials
     337          it does not wait until they arrive. Instead the next module in the PAM
     338          stack (depending on the PAM configuration) will have the chance for
     339          authentication.</para>
     340        </note></para>
     341
     342      <para>Starting with VirtualBox 4.1.4 pam_vbox supports various guest property
     343      parameters which all reside in <computeroutput>/VirtualBox/GuestAdd/PAM/</computeroutput>.
     344      These parameters allow pam_vbox to wait for credentials to be provided by the
     345      host and optionally can show a message while waiting for those. The following
     346      guest properties can be set:</para>
     347
     348      <orderedlist>
     349
     350        <listitem>
     351          <para><computeroutput>CredsWait</computeroutput>: Set to "1" if pam_vbox should
     352          start waiting until credentials arrive from the host. Until then no other authentication
     353          methods such as manually logging in will be available. If this property is empty or get
     354          deleted no waiting for credentials will be performed and pam_vbox will act like before (see
     355          paragraph above). This property must be set read-only for the guest
     356          (<computeroutput>RDONLYGUEST</computeroutput>).</para>
     357        </listitem>
     358
     359        <listitem>
     360          <para><computeroutput>CredsChanged</computeroutput>: Acts as "beacon" and is also
     361          read- and writeable from the guest. If set o any value (e.g. to "1") waiting
     362          for credentials will be aborted. If credentials are provided before
     363          setting <computeroutput>CredsChanged</computeroutput>, these credentials will be taken for
     364          authentication. To disable another round of waiting for new credentials to arrive
     365          the property <computeroutput>CredsWait</computeroutput> can be set to empty (deleted) before.</para>
     366        </listitem>
     367
     368        <listitem>
     369          <para><computeroutput>CredsWaitTimeout</computeroutput>: Timeout (in seconds) to let pam_vbox
     370          wait for credentials to arrive. When no credentials arrive within this timeout, authentication
     371          of pam_vbox will be set to failed and the next PAM module in chain will be asked. If this
     372          property is not specified, set to "0" or an invalid value, an infinite timeout will be used.
     373          This property must be set read-only for the guest (<computeroutput>RDONLYGUEST</computeroutput>).</para>
     374        </listitem>
     375
     376      </orderedlist>
     377
     378      <para>To customize pam_vbox further there are the following guest properties:</para>
     379
     380      <orderedlist>
     381
     382        <listitem>
     383          <para><computeroutput>CredsMsgWaiting</computeroutput>: Custom message showed while pam_vbox is
     384          waiting for credentials from the host. This property must be set read-only for the guest
     385          (<computeroutput>RDONLYGUEST</computeroutput>).</para>
     386        </listitem>
     387
     388        <listitem>
     389          <para><computeroutput>CredsMsgWaitTimeout</computeroutput>: Custom message showed when waiting
     390          for credentials by pam_vbox timed out, e.g. did not arrive within time. This property must be set
     391          read-only for the guest (<computeroutput>RDONLYGUEST</computeroutput>).</para>
     392        </listitem>
     393
     394      </orderedlist>
     395
     396      <para><note>
     397          <para>If a pam_vbox guest property does not have set the right flags (<computeroutput>RDONLYGUEST</computeroutput>)
     398          this property will be ignored then and - depending on the property - a default value will be
     399          set. This can result in pam_vbox not waiting for credentials. Consult the appropriate syslog file for
     400          more information and use the <computeroutput>debug</computeroutput> option.</para>
     401        </note></para>
     402
    340403    </sect2>
    341404  </sect1>
     
    547610        4.1.</para>
    548611    </footnote></para>
    549    
     612
    550613    <note><para>The PCI passthrough module is shipped as a VirtualBox extension
    551614      package, which must be installed separately. See <xref
     
    16621725      order:
    16631726      <itemizedlist>
    1664         <listitem>specified via VBoxBalloonCtrl command line parameter 
     1727        <listitem>specified via VBoxBalloonCtrl command line parameter
    16651728          <computeroutput>--balloon-max</computeroutput></listitem>
    16661729        <listitem>per-VM parameter using
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette