IRC channel logs
2021-06-18.log
back to list of logs
<PurpleSym>rekado: Oh, I see. Is that a problem currently? I never tested PAM authentication (i.e. running rserver/rsession with different users). <rekado>because I was just about to deploy RStudio Server from Guix on a bunch of servers. <rekado>PAM authentication works fine on RHEL with pamtester <rekado>I launch rserver with --auth-pam-helper-path=/usr/local/bin/rstudio-pam-helper <rekado>that’s a script that only does this: exec /bin/pamtester rstudio $1 authenticate <rekado>it uses the “rstudio” PAM settings (first argument to pamtester), followed by the username, and tries to authenticate the user. <rekado>the return value of the script is what RStudio uses to deny or grant access <rekado>this little bug means that people are unable to actually switch R versions when rserver runs as a different user account. <rekado>that’s because we write to their own “active session” and then attempt to read from root’s non-existent session <rekado>it doesn’t outright throw an error; switching versions just has no effect <PurpleSym>Ah, okay, I see. I thought we’d have to actually link rserver against pam. <rekado>no, luckily we don’t have to. --auth-pam-helper-path could be set to *anything*, but for integration with existing PAM policies it should be something that links with the system’s PAM. The system-installed pamtester fits the bill.