Re: [gdm-list] Separate username and password fields
- From: Ludwig Nussel <ludwig nussel suse de>
- To: gdm-list gnome org
- Subject: Re: [gdm-list] Separate username and password fields
- Date: Tue, 3 Aug 2010 17:32:21 +0200
Bob Doolittle wrote:
> Ludwig Nussel wrote:
> > Brian Cameron wrote:
> >
> >>> I've never liked that GDM only shows one field. I have on occasion
> >>> started to type my username in only to then notice it's coming up in
> >>> dots because the prompt to the side actually reads Password, but my
> >>> research indicates that there is no way to configure to GDM to display
> >>> separate fields for username and password. Which is a shame. Given
> >>> that having only one field can evidently cause confusion I'd like to
> >>> ask the developers to consider adding a configuration option to
> >>> display separate username and password fields. I feel that is much
> >>> more user friendly than using a single field.
> >>>
> >> This usability issue is raised from time-to-time. Unfortunately, the
> >> standard for handling authentication is PAM, and GDM also uses PAM.
> >> While PAM makes it possible to integrate novel authentication mechanisms
> >> (such as a fingerprint or SmartCard reader), its query/response protocol
> >> does not support asking multiple questions at the same time.
> >>
> >
> > Actually PAM does support multiple prompts at once. You just need a
> > module that actually asks for username and password in one
> > conversation (such as pam_unix2). Years ago I even made proof of
> > concept patch for GDM:
> > http://mail.gnome.org/archives/gdm-list/2007-February/msg00024.html
> > IIRC fixing the graphical greeter turned out to require too much
> > effort back then so I gave up.
> >
>
> I took a look at pam_unix2 version 1.30 from
> http://freshmeat.net/projects/pam_unix2/
> Is that the version you are referring to? I took a quick look over it.
> That module does not do anything unusual. It only prompts for a password.
The author forgot to update freshmeat and his home page I guess.
Have a look at the version we have in openSUSE (function __get_tokens()):
https://build.opensuse.org/package/files?package=pam-modules&project=openSUSE%3AFactory
Here's also a module that can be configured to issue arbitrary pam
conversations for testing purposes:
https://build.opensuse.org/package/files?package=pam_testprompt&project=home%3Alnussel
> Another thing that one *could* do (although I don't recommend it) is to
> configure something that ignores the PAM prompts and simply displays two
> pre-determined labels and hopes to get no more than two calls to the
> conversation function.
That's what kdm did when I last checked. Horrible. *shudder*
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
