Re: [gdm-list] how to use authentication feature of GDM in a screen saver

From: Jedy Wang <Jedy Wang Sun COM>
To: Ray Strode <halfline gmail com>
Cc: mccann jhu edu, gdm-list gnome org
Subject: Re: [gdm-list] how to use authentication feature of GDM in a screen saver
Date: Fri, 09 Apr 2010 16:39:14 +0800

On 04/ 9/10 04:12 AM, Ray Strode wrote:

I haven't thought about this very hard yet, but I don't think that's
conceptually the right approach.  The GreeterServer is an interface
for serving the greeter.  The screensaver isn't a greeter, so I don't
think it's the right way to go.

I can give you a bit of a brain dump, but I don't have all the answers
or the time atm to investigate.

Every logged-in session has an associated session worker running in
the background.  This is the worker that processed the pam
conversation that initiated the log in, and it's waiting for the
session to end to do a proper pam_close_session.

This same worker already has some stub code for doing
reauthentication.  It might make sense to flesh that stub code out
rather than starting a new worker and getting a fresh pam handle.
This may cause issues in practice.  I haven't tried it.

Yes, I noticed that. The problem is that session worker does notprovides any useful interfaces. It connects to session slave through aprivate bus created by session slave, answers to the DBus signalsemitted by session slave. The greeter server is the only DBus object Ican find which provides the PAM authentication inerface I need althoughthey are only provided through a private bus.

One feature GDM has started implementing but is currently commented
out is gdm "factory mode".  The way this works is there is always a
greeter on vt1 (or maybe vt7 depending on how you have things
configured).  Whenever you login, the session is started on a brand
new vt, and the greeter sticks around on its vt.  Anytime the user
switcher is used, it just jumps back to the greeter vt to process the
user switch.  If we used factory mode, then unlock could be just
another form of user switching. Instead of locking one active session,
switching to the greeter, and then unlocking another session, it's
locking one active session, switching to the greeter, and then
unlocking that same session.

Make sense?

This is what we plan to do. But in some cases we can not lock a displayin this way and have to fall back to the old gnome-screensaver way. Inthat case, we want to integrate the GUI from gnome-screensaver with thePAM implemenation from gdm.


Regards,

Jedy

Follow-Ups:
- Re: [gdm-list] how to use authentication feature of GDM in a screen saver
  - From: Ray Strode

References:
- [gdm-list] how to use authentication feature of GDM in a screen saver
  - From: Jedy Wang
- Re: [gdm-list] how to use authentication feature of GDM in a screen saver
  - From: Ray Strode

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]