Re: [gdm-list] gnome-screensaver authenticates users through GDM

[Brian Cameron <Brian Cameron Sun COM>]

Jeff:

> > 1) gnome-screensaver becomes a program which just keeps track of
> > when the session is idle long enough to lock the screen, does
> > the screen lock and shows eye-candy. When the user hits a key or
> > moves the mouse, it would send GDM a D-Bus message telling it to
> > displays the normal GDM login window to ask the user to
> > authenticate. This would cause GDM to start the login dialog with
> > the lockscreen PAM stack so it just asks for the password (or
> > whatever the lockscreen PAM stack is defined to do).
> Not login dialog, since username is not needed. I guess a new dialog may
> be needed or the old login dialog
> needs to hide username with a different flag.

GDM's login dialog is really just a PAM dialog.  It will prompt the user
for whatever PAM says.  The GDM dialog knows nothing about usernames or
passwords.  Only PAM does.

Note in gdm-session-worker.c that gdm_session_worker_initialize_pam()
calls pam_start().  For the first argument to pam_start, GDM will pass
either "gdm" for normal GDM operations or "gdm-autologin" when GDM is
in automatic login mode.

This will cause GDM to use whatever PAM prompts are defined for the
"gdm" or "gdm-autologin" PAM stack in /etc/pam.conf.

So, if you wanted to make GDM GUI also work for lockscreen, one neeed
change would be to change the first argument of pam_start to the
lockscreen PAM stack name.  This would ensure it only asks for password
and not username, in the normal case.

You can refer to gnome-screensaver to see what it passes in as the
first argument to pam-start.  I am sure it is something other than
"gdm" or "gdm-autologin".

Brian