Re: setting initial prompt of gdmlogin using PAM conversation functio n
- From: pedro noticioso <cucnews yahoo com>
- To: George <jirka 5z com>, Naomaru Itoi <nitoi activcard com>
- Cc: "'gdm SunSITE dk'" <gdm sunsite dk>, Venkatrao Rapaka <vrapaka activcard com>, Rama Kristipati <rama kristipati activcard co in>
- Subject: Re: setting initial prompt of gdmlogin using PAM conversation functio n
- Date: Mon, 17 Feb 2003 08:36:52 -0800 (PST)
well it is supposed to be a smart card, I dont know
exactly how current smart cards work but it makes me
think it has something like the password because they
are supposed to login the user completely, not ask for
password after using the card, so my idea is to add
something similar to an ssh key or something for the
authentication, since sun thin clients already do it,
a peak wouldnt hurt ;)
--- George <jirka 5z com> wrote:
> On Fri, Feb 14, 2003 at 06:48:46PM -0800, Naomaru
> Itoi wrote:
> > Hi,
> >
> > Thank you for your great job as usual.
> >
> > We are writing a smartcard PAM module, and are
> trying to set a prompt in GDM
> > Greeter (gdmlogin). We want to prompt something
> like "Please enter username
> > or insert smartcard" at the begining of the login
> process. We are testing
> > this with gdmlogin.
> >
> > We can set a prompt using a conversation function
> all right. This is good.
> > (Thanks!)
> >
> > However, gdmlogin always displays a prompt
> "Username" before calling
> > pam_sm_authenticate(). It is only after a user
> enters a username and hits
> > Enter Key that pam_sm_authenticate() is called.
> So our PAM module doesn't
> > have a chance to override the initial message.
> >
> > Is there any way to work around it and display a
> different message as the
> > initial message?
>
> Not currently. This requires some rework of how gdm
> works. It would not be
> too hard actually and Sun seems to be interested in
> doing this too. The
> basic idea is to change gdm to not assume that we
> get a username before pam.
> I'm busy working on my thesis (and related stuff)
> currently so I don't really
> have time to work on this right now. I'd really
> like this to be done for
> gnome 2.4 however as it would bring gdm into full
> pam compliance.
>
> The biggest problem is passwordless guest login that
> is currently done in
> gdm. I suppose we can somewhat scrap this feature
> and say that it should be
> done in pam and not in gdm.
>
> > I guess we can replace the greeter by changing
> gdm.conf. But we would like
> > to limit our code to the PAM module, if possible.
>
>
> Of course, however currently gdm doesn't allow this.
> In fact even replacing
> the greeter won't help you here except only for
> changing the initial prompt.
> I suppose you want the username to be read from the
> smartcard, but currently
> the username reading is going outside of pam.
>
> George
>
> --
> George <jirka 5z com>
> Let's not bicker and argue about who killed who.
> -- Monty Python
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: gdm-unsubscribe sunsite dk
> For additional commands, e-mail: gdm-help sunsite dk
>
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]