Re: [gdm-list] how to use authentication feature of GDM in a screen saver
- From: Jedy Wang <Jedy Wang Sun COM>
- To: Ray Strode <halfline gmail com>
- Cc: mccann jhu edu, gdm-list gnome org
- Subject: Re: [gdm-list] how to use authentication feature of GDM in a screen saver
- Date: Fri, 09 Apr 2010 16:39:14 +0800
On 04/ 9/10 04:12 AM, Ray Strode wrote:
I haven't thought about this very hard yet, but I don't think that's
conceptually the right approach. The GreeterServer is an interface
for serving the greeter. The screensaver isn't a greeter, so I don't
think it's the right way to go.
I can give you a bit of a brain dump, but I don't have all the answers
or the time atm to investigate.
Every logged-in session has an associated session worker running in
the background. This is the worker that processed the pam
conversation that initiated the log in, and it's waiting for the
session to end to do a proper pam_close_session.
This same worker already has some stub code for doing
reauthentication. It might make sense to flesh that stub code out
rather than starting a new worker and getting a fresh pam handle.
This may cause issues in practice. I haven't tried it.
Yes, I noticed that. The problem is that session worker does not
provides any useful interfaces. It connects to session slave through a
private bus created by session slave, answers to the DBus signals
emitted by session slave. The greeter server is the only DBus object I
can find which provides the PAM authentication inerface I need although
they are only provided through a private bus.
One feature GDM has started implementing but is currently commented
out is gdm "factory mode". The way this works is there is always a
greeter on vt1 (or maybe vt7 depending on how you have things
configured). Whenever you login, the session is started on a brand
new vt, and the greeter sticks around on its vt. Anytime the user
switcher is used, it just jumps back to the greeter vt to process the
user switch. If we used factory mode, then unlock could be just
another form of user switching. Instead of locking one active session,
switching to the greeter, and then unlocking another session, it's
locking one active session, switching to the greeter, and then
unlocking that same session.
Make sense?
This is what we plan to do. But in some cases we can not lock a display
in this way and have to fall back to the old gnome-screensaver way. In
that case, we want to integrate the GUI from gnome-screensaver with the
PAM implemenation from gdm.
Regards,
Jedy
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]