Re: [gdm-list] update

From: Bob Doolittle <Robert Doolittle Sun COM>
To: Brian Cameron <Brian Cameron Sun COM>
Cc: gdm-list gnome org
Subject: Re: [gdm-list] update
Date: Fri, 26 Oct 2007 16:21:36 -0400

Hi Brian,

Brian Cameron wrote:

I'd like to understand this better.  We make extensive use of
the PostLoginScriptDir, PreSessionScriptDir, PostSessionScriptDir,
and DisplayInitDir hooks in gdm.conf.  Will those remain supported?

It's good to highlight which configuration options that you depend
on, so I appreciate that.  Does Sun Ray support them in per-display
fashion?


Not currently.  We configure them for all
displays, and we put conditionals around our code
that test whether $DISPLAY represents a Sun Ray
managed display (so as to do nothing if it's not a
display we manage).  This seems lighter-weight and
more robust than copying or linking files during
dynamic session configuration.

We also use the /etc/X11/xinitrc/xinitrc.d/ hook
which is invoked from /etc/X11/gdm/Xsession
with the user's uid (as opposed to all the other
hooks which run under root uid).  I suspect that's
not being changed.

Note the stable GDM allows you to create files like
Default:0 which allows people to create a special PreSession script
only used with $DISPLAY=:0, for example.


We could do that but would prefer a static, global
configuration that we can update at SRSS
install/activation time rather than for each new
session.

However, if in future we have different
per-display needs we might go the route you
suggest.  For instance, we'd be interested in
using GDM for various forms of
application-dependent authentication besides
login.  The idea is that we'd create a new
dynamic session of a special type/configuration
for that purpose when necessary.

As an example, when you insert a smartcard that
identifies you today (and the smartcard isn't
being used actively for authentication), SRSS
connects directly to the user's session, and relies
on the desktop screen locker for
authentication/security.  This has various
shortcomings.  I'm working on a project which
creates a new session (not using GDM yet) and
uses our own GUI to authenticate the user before
we connect the Thin Client to the user's session,
for increased security robustness.
We'd prefer to migrate to using the GDM greeter
for this purpose in the future, which would
require configurability of the various exposed
widgets and behavior (e.g. no point to GDM
offering choosers for the type of desktop session
or locale, since the user's session already
exists.  Also we'd need to configure
a different PAM stack).  This may be a pipe
dream but we'd prefer to leverage existing GUI
PAM clients and display managers.

At the moment, the existing code doesn't support these hooks, aside
from the Init script.  For the Init script, the new GDM hardcodes the
location of the script to the GDM configuration directory, where the
scripts are installed by default.


We could live with that, although it's cleaner
when we can "register a namespace" through
configuration to avoid any possible collisions and
to clearly partition our software.

I don't think only Sun Ray depends on these hooks, so I anticipate
that these will continue to need support in some fashion.  I imagine
it will be broken in the 2.21.1 release, though.


Thanks - I just wanted to highlight our needs
earlier rather than springing them on folks at the
last minute.

-Bob

Disclaimer: Opinions expressed in this mail are my own,
and are not necessarily shared by my employer

References:
- [gdm-list] update
  - From: William Jon McCann
- Re: [gdm-list] update
  - From: Brian Cameron
- Re: [gdm-list] update
  - From: Bob Doolittle
- Re: [gdm-list] update
  - From: Brian Cameron

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]