Re: [gdm-list] Screensaver Solution Discussion




Jeff:

I summarized the steps about how screensaver works. Because a user can disable VT,
also because VT has not been supported on some platforms yet, for example SUN Sparc,
we will handle both situations separately.

Yes, we need to support both VT and non-VT environments. When users log into XDMCP sessions, for example, they also will not have access to
VT.

1. After the user logs in, the user's gnome-screensaver (user session) process will
start.

2. When gnome-session tells that the session is idle,
gnome-screensaver
will start a full-screen window and grab the keyboard and the pointer,
that is to say, the user's session is locked.

gnome-screensaver tells GDM that the user's session is locked. GDM will
start initializing PAM and creates the unlock dialog if VT is
enabled.

3. If the user moves the mouse or hit the keyboard

3a. If VT is enabled, gnome-screensaver will ask GDM to show the
unlock
dialog on another DISPLAY, and ask VT manager to switch to that DISPLAY.
Then the user inputs the correct password, GDM tells gnome-screensaver to
destroy the window and release the keyboard and the mouse. Do the VT switching
to the user's DISPLAY.

3b. If VT is not enabled, gnome-screensaver will show the unlock
dialog, interacting with GDM on PAM authentication. If the user input the
correct password, gnome-screensaver will destroy the lock window and release the keyboard and the mouse.

For 3a, since a new GDM session is created, and GDM has already supported the accessibility, we don't need more work to do.

But for 3b, we need consider to support the accessibility for the
unlock dialog. Here I CCed a11y list in order to hear their opinions.

In both cases, GDM should launch the unlock GUI as the "gdm" user.
Since the gdm user has the Xauth key for the session, this should be
possible.  Running as the "gdm" user is better from a TrustedPath
perspective.

In the case of 3b, GDM will just launch the gdm-simple-greeter, and not
run a new gnome-session.  If it is possible for GDM to run the login
panel, then this should be run to give access to the a11y features (note
that this may require that gnome-settings-daemon be run for the "gdm"
user).

If this is not possible, then perhaps a button needs to be added to the
GUI in this case to make it possible to pop-up a dialog to select what
a11y features should be turned on or off.

It also may be acceptable to require VT to work for a11y features to be
available, and only to support a11y on displays that support VT.  But
we need to discuss this.

Can I start a new at-spi-registryd for the unlock dialog? This daemon runs on a new DBUS session daemon listening on a new DBUS address.
The unlock process and ATs will communicate with this session daemon, which will not affect the old daemon.

If the lock screen dialog runs as the "gdm" user then a new
at-spi-registryd will need to be run as the "gdm" user for this to work.

Brian


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]