Ok, but what about PAM? Greeters should run as the same user lightdm does, so authentication is already skipped for them (do_authenticate is false), but do pam_open_session or pam_acct_mgmt make sense? If we skip pam_open_session for greeters, we can use pam_lastlog for actual user sessions, but I'm thinking we should skip PAM altogether if it's not an actual user session. That would require some refactoring.
Ok, but what about PAM? Greeters should run as the same user lightdm does, so authentication is already skipped for them (do_authenticate is false), but do pam_open_session or pam_acct_mgmt make sense? If we skip pam_open_session for greeters, we can use pam_lastlog for actual user sessions, but I'm thinking we should skip PAM altogether if it's not an actual user session. That would require some refactoring.