Re: [gdm-list] Re: gdm user and pass fields together

From: Bob Doolittle <Robert Doolittle Sun COM>
To: Brian Cameron <Brian Cameron Sun COM>
Cc: gdm-list gnome org
Subject: Re: [gdm-list] Re: gdm user and pass fields together
Date: Mon, 03 Oct 2005 18:09:48 -0700

Brian Cameron wrote:


Michael:

I'm no power Windows user, but when I've used the XP login screen, the
username and password fields are not displayed at the same time. It seems
to work similar to how GDM works. Though perhaps it can be configured
differently than how I've seen it work.



The problem is that, as you imply below, username/password is just
one of the possible authentication dialogs that could be used.
It could just as easily be "Enter smartcard PIN" or "Put finger on scanner".


However, keep in mind that GDM depends upon PAM for authentication. The
idea behind PAM is that the PAM module determines how authentication
happens. In theory, you should be able to write a PAM module that
authenticates the user via eye-scanner or gets the username from a
smartcard rather than making the user type it in. It may be possible to

write a PAM module that prompts the username and password at the sametime.



Not without a crystal ball. PAM has a prompt/input model,
where each prompt generated is associated with a single
input from the user, and then the dialog can be driven by
PAM service modules in any way desired. PAM calls back to
the GUI conversation function to display the prompt and
capture the user response.

At the time you are asking for the username, you don't know
if the next prompt might be "password:" - it depends on
the PAM services being used and how the site administrator
configured them in the pam.conf file.

In a nutshell, a PAM client like GDM calls pam_authenticate,
and passes in a pointer to a callback function which can be
used to display a prompt and return a user-input response
(this is simplifying a little).
Depending on how the site admin has configured PAM, any type
of service can be used to authenticate the user, resulting
in any types of prompts/inputs, and this is transparent to
the client (GDM). Username/password using the passwd naming
service is just one such authentication service.

You gain a lot of flexibility this way, but you lose the ability to
display all authentication prompts on a single screen at once.

-Bob

Follow-Ups:
- Re: [gdm-list] Re: gdm user and pass fields together
  - From: Bob Doolittle

References:
- [gdm-list] Re: gdm user and pass fields together
  - From: Michael Lampard
- Re: [gdm-list] Re: gdm user and pass fields together
  - From: Brian Cameron

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]