On Thu, Aug 13, 2009 at 01:04:52PM -0500, Shawn Walker wrote:
> Nicolas Williams wrote:
> >Even better: leave the face browser on by default, but by default leave
> >the list of users to appear in it _empty_. Then the installer folks
> >could do something very cute:
> >
> > - if there's a webcam available on install, then ask the user if they
> > want to have a pic taken for the face browser, and if they say yes,
> > then take it and put the user in the face browser list.
>
> Don't you mean 'firstboot' or 'first login' ?
>
> OS X does this on firstboot, if I recall correctly. Of course, that's
> when it sets up the initial user account too, hmm....
This could happen at install time (so the face pic is available on first
login). Else it could happen on first login.

I don't care so much about the details of how face pics are acquired (OT
for this case) as I do about making sure that GDM:

 a) doesn't depend on heuristics to determine what users are to appear in
    the face browser,

 b) doesn't touch $HOME until after pam_setcred(h, PAM_ESTABLISH_CRED) is
    done[*].

(a) means no surprises when some part of the system changes in a way that
might interact badly with such heuristics. Also, an explicit list allows
users to not necessarily be local, which is nice too -- GDM could even
have an option to display only the last few logged in users in the face
browser, which could be useful in a corporate environment (if that's what
people want).

(b) means that users need not be local (see previous item), or may have
special automounted home directories. And it means that GDM need not
apply any heuristics to determine whether it would be bad for it to touch
the user's $HOME prior to completing credential setup.

[*] If a homedir is shared -o sec=krb5:sys and the local mount/automount
doesn't set -o sec=krb5, and if the host lacks Kerberos credentials
(laptops usually lack host creds), THEN touching the user's $HOME as
euid == 0 or before acquiring the user's Kerberos credentials causes the
homedir to be mounted with sec=sys. Not having this problem is very
important for enabling Kerberos deployments to progress at
non-instantaneous rates. Avoiding this problem is, I suspect, one of the
reasons for the GDM local user heuristics, but you can see that those
heuristics are not robust. Better avoid the heuristics and go with an
explicit list of users + face pic caching.
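[Editor's added example, not part of the message above or of GDM.] The footnote describes the check a client-side admin actually wants: did the automounted home end up with sec=krb5 or did an early root-owned access (a display manager stat()ing ~/.face, say) trigger the mount with sec=sys? The script below reads the Linux /proc/mounts format (Solaris /etc/mnttab has a different layout; the thread is about an OpenSolaris-era GDM, so the Linux format is an assumption here) and reports NFS mounts whose sec= flavour is not the expected one, plus whether a given $HOME is still an unmounted autofs path that the next access would mount. The sample mount table is constructed, not captured from a real host; the sec=, vers= and autofs option names are the real ones the Linux NFS and autofs clients expose.

```python
"""
Added example (not from the thread): audit how NFS home directories are
actually mounted on a Linux client, in the /proc/mounts format.  An export
shared -o sec=krb5:sys is silently mounted with sec=sys if the mount is
triggered while no Kerberos credential is available, so report NFS mounts
that did not end up with the expected flavour, and flag home paths that
are still only covered by an autofs map (not yet mounted).
"""
import re

# Constructed /proc/mounts sample, not captured from a real host.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
auto.home /home autofs rw,relatime,fd=7,pgrp=1,timeout=300,minproto=5,maxproto=5,indirect 0 0
nfs.example.com:/export/home/alice /home/alice nfs4 rw,relatime,vers=4.1,sec=krb5,clientaddr=192.0.2.10 0 0
nfs.example.com:/export/home/bob /home/bob nfs4 rw,relatime,vers=4.1,sec=sys,clientaddr=192.0.2.10 0 0
"""

NFS_TYPES = {"nfs", "nfs4"}


def _unescape(path):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_mounts(text):
    """Return a list of (source, mountpoint, fstype, [options]) from /proc/mounts text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        entries.append((fields[0], _unescape(fields[1]), fields[2], fields[3].split(",")))
    return entries


def sec_flavor(options):
    """The sec= value from an NFS mount's option list, or None if absent."""
    for opt in options:
        if opt.startswith("sec="):
            return opt[len("sec="):]
    return None


def nfs_mounts_without(text, required="krb5"):
    """(mountpoint, flavour) for every NFS mount whose sec= is not `required`."""
    bad = []
    for _src, mnt, fstype, opts in parse_mounts(text):
        if fstype in NFS_TYPES and sec_flavor(opts) != required:
            bad.append((mnt, sec_flavor(opts)))
    return bad


def _covers(mountpoint, path):
    # True if `path` is the mountpoint itself or lies below it (component boundary).
    base = mountpoint.rstrip("/")
    return path == mountpoint or path.startswith(base + "/")


def home_state(text, home):
    """
    Classify a home path by the longest-prefix mount that covers it:
      'nfs:<sec>'      already mounted over NFS with that security flavour
      'autofs-pending' only an autofs map covers it, so the first access
                       (e.g. a display manager reading ~/.face as root)
                       would trigger the mount with whatever creds exist then
      'local'          on a local filesystem
    """
    best = None
    for _src, mnt, fstype, opts in parse_mounts(text):
        if _covers(mnt, home) and (best is None or len(mnt) > len(best[0])):
            best = (mnt, fstype, opts)
    if best is None:
        return "unknown"
    _mnt, fstype, opts = best
    if fstype in NFS_TYPES:
        return "nfs:%s" % (sec_flavor(opts) or "unspecified")
    if fstype == "autofs":
        return "autofs-pending"
    return "local"


if __name__ == "__main__":
    for mnt, sec in nfs_mounts_without(SAMPLE_PROC_MOUNTS):
        print("WARNING: %s mounted with sec=%s, expected krb5" % (mnt, sec))
    for user in ("alice", "bob", "carol"):
        print(user, home_state(SAMPLE_PROC_MOUNTS, "/home/" + user))
```

On a real host replace SAMPLE_PROC_MOUNTS with the contents of /proc/mounts. The 'autofs-pending' case is exactly the window the footnote warns about: anything that touches that path as root before pam_setcred has run decides the flavour for everyone who uses the mount afterwards.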