Re: [gdm-list] Separate username and password fields

[Bob Doolittle <Bob Doolittle oracle com>]

Brian Cameron wrote:
> Mike:
>
> > I've never liked that GDM only shows one field. I have on occasion
> > started to type my username in only to then notice it's coming up in
> > dots because the prompt to the side actually reads Password, but my
> > research indicates that there is no way to configure to GDM to display
> > separate fields for username and password. Which is a shame. Given
> > that having only one field can evidently cause confusion I'd like to
> > ask the developers to consider adding a configuration option to
> > display separate username and password fields. I feel that is much
> > more user friendly than using a single field.
>
> This usability issue is raised from time-to-time. Unfortunately, the
> standard for handling authentication is PAM, and GDM also uses PAM.
> While PAM makes it possible to integrate novel authentication mechanisms
> (such as a fingerprint or SmartCard reader), its query/response protocol
> does not support asking multiple questions at the same time.
>
> Most distros are configured by default to use a username/password
> configuration, but PAM can be configured to request different, less
> or more information.
>
> Aside from solutions like enhancing PAM to support requesting multiple
> inputs, limiting GDM so that it only works with certain PAM modules,
> or making GDM not use PAM, I cannot think of an easy way to improve
> this. 

Could the username be validated as a legitimate account before logging 
it? This would prevent inadvertent logging of non-username, potentially 
private information. Logging should still occur (so that attacks can be 
flagged), but the "username" could be anonymized if it's not a legit 
account.

-Bob