Re: [Usability] GDM
- From: Martin Soto <soto informatik uni-kl de>
- To: Tuomas Kuosmanen <tigert novell com>
- Cc: usability gnome org
- Subject: Re: [Usability] GDM
- Date: Tue, 11 Oct 2005 15:51:30 +0200
Hi Tuomas,
On Mon, 2005-10-10 at 21:46 +0000, Tuomas Kuosmanen wrote:
...
> Yeah, but this is just because the TTY has limitations - you dont have
> "form fields" in the same sense in a TTY - it has to ask one thing at a
> time. There is really no reason to do the same limitation on a graphical
> login.
>
> Similarly I see no reasons why we just couldnt show both fields and even
> a button to click, either from a usability or an artistic standpoint. It
> can look just fine either way. Plus now that AFAIK the KDE login manager
> can use the same themes, it would make life easier for theme maintainers
> too. If that makes users life easier as well, what the heck. Let's do
> it.
As far as I understand it, there's a big technical problem: the
Pluggable Authentication Modules (PAM) library. PAM makes it possible
for a system administrator to define the policy used to authenticate
users. So, it may be that a password is asked for, but it may be that a
fingerprint or retinal scanner is used, or a card reader, or a one-time
password module or some combination of them all. For my personal use,
for example, I defined a policy that asks for a SSH password, but if
that fails, asks for the standard Unix password. Even this simple
policy, that doesn't require any esoteric biometric devices, does not
fit with the usual name+password dialog.
Supporting PAM from a GUI is also not that simple, because the actual
sequence of authentication actions cannot be determined in advance, and
may depend on the actual user name. For example, the root user could be
authenticated with a local password, whereas normal users may be
authenticated with a one-time password that gets validated against a
network server.
An interesting, but certainly difficult task would be to determine how
to properly support the PAM library from an user interaction point of
view (and potentially suggest enhancements to PAM on the way). Having
support for PAM could be very valuable, specially since standard
passwords are likely to get replaced by more secure and reliable
authentication systems in the not-so-far future.
Have fun,
M. S.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]