Re: [gdm-list] how to use authentication feature of GDM in a screen saver
- From: Jeff Cai <Jeff Cai Sun COM>
- To: Ray Strode <halfline gmail com>
- Cc: gdm-list gnome org, mccann jhu edu
- Subject: Re: [gdm-list] how to use authentication feature of GDM in a screen saver
- Date: Fri, 16 Apr 2010 14:22:24 +0800
Currently there are two cases we need to consider, one is the
environment with display switching support and the other is that of
without display switching, i.e remote display.
For the environment with display switching offered by VT, we can use the
GDM framework which contains the 'factory mode'. But the greeter session
is always running in a VT. For screen lock, it looks like there should
be more unlock greeter sessions running at the same time for different
user sessions. For example, if two user sessions are locked in one
machine, two unlock greeter sessions with two VTs need running.
For the environment without display switching, it seems hard to use
GdmSessionRelay interface since GdmSessionRelay does not provide DBus
interfaces that can be used by the Unlock dialog. The DBus interfaces
GdmSessionRelay exposed are used by GdmProductSlave, while not GUI
applications like greeter. You can refer to the diagram of work flow at
If we can not use the GreeterServer interface, since the implementation
of PAM backend is in gdm-session-worker, how about interacting directly
with gdm-session-worker? Although gdm-session-worker does not provide
DBus services, we can imitate what GdmSessionDirect has done in the
screen unlock program. Refer to
On Solaris, since the PAM backend should be a suid program, we can also
provide a simple suid pam-helper program which can not share the same
PAM code in GDM.
On Fri, 2010-04-09 at 07:46 -0400, Ray Strode wrote:
> > Yes, I noticed that. The problem is that session worker does not provides
> > any useful interfaces. It connects to session slave through a private bus
> > created by session slave, answers to the DBus signals emitted by session
> > slave. The greeter server is the only DBus object I can find which provides
> > the PAM authentication inerface I need although they are only provided
> > through a private bus.
> Well the greeter server is basically just wrapping the GdmSession
> interface in an interface available to the greeter (along with some
> other stuff like session selection). If you were going to down this
> route, you'd probably want to use something like GdmSessionRelay
> exposed over the session bus (or via a private connection accessible
> from the session bus).
> Of course, GDM doesn't know about the session bus, since it's started
> after GDM starts the Xsession script. You would probably need to
> change GDM to start the session bus so that it knows about it.
> Actually, that's probably a good idea anyway orthogonal to all of
> this. That means some distributions will need to be updated, though.
> But stepping back a little... I'm not sure it's a good idea to do
> things this way.
> > In that case, we want to integrate the GUI from gnome-screensaver with the PAM
> > implemenation from gdm.
> Why? Why not just keep screensaver doing what it already does for those cases?
> gdm-list mailing list
> gdm-list gnome org
] [Thread Prev