I started to write this about quite a while ago while I was working at Caldera, and then had to abandon it because we were already in BETA and I had other things to attend to :) I recently found some time to pick this up again, and have brushed it up quite a bit and started to integrate it into SuSE Linux.
If you're interested in my rationale for writing this, please check out this description.
Currently, I'm still hacking on this stuff quite heavily. I have called the current version 0.9.x nevertheless, because I believe you can already do some reasonable and useful stuff with it. I have cdrecord and minicom working with it, which IMHO proves that the concept works :)
Of course, there will probably be a few more changes to the code before I call it 1.0. In particular, I would like to have a few people skilled in doing security audits have a look at this thing. Thomas Biege already did so once, for which I'm really grateful. More audits very much welcome!
make install.
After that, you need to define access control lists in /etc/resmgr.conf.
For a start, it is probably a good idea to add a rule such as
allow desktop tty=:0
which will give everyone logged in via kdm/gdm access to resource class
desktop.
The final step is to start resmgrd and add pam_resmgr.so
to the PAM configuration file that controls your graphical login. Depending
on your distribution and desktop, this will be
/etc/pam.d/xdm, /etc/pam.d/gdm, /etc/pam.d/kdm, or
/etc/pam.d/kde.
And of course, the primary reference for up-to-the-minute information is the source.
UTSL! --okir