1.  Lack of Failsafe session.

I see this as a major issue. I use the failsafe session more when I'm 
not on the console than when I am. In particular I often use failsafe 
when connecting using VNC or a lot when using Sun Ray. A common use 
case for me is when connecting to the same server that already has 
another Sun Ray, VNC or console session - because I still don't trust 
GNOME not to screw up my config with multiple active sessions against the 
same home dir.

2. Default using face browser

What is the definition of a system account ?

The reason I ask is because the GNOME users and groups tool gets this 
wrong on Solaris.  It correctly hides by default all those accounts with 
a uid < 100 but it doesn't hide the other reserved system accounts:

nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:

What about when NIS or LDAP is in use ?  Do we really want GDM 
attempting to display 38,000+ accounts ?

Does the face browser need to read anything in the user's home dir ?  If 
so it must be disabled by default since it can cause a downgrade attack 
if the user's home directory is supposed to be mounted with Kerberos by 
default (but can fall back to sys). We have gone to great lengths over 
the years to ensure that no login program ever touches the user's home 
directory until after pam_authenticate() and pam_setcred() have returned 
PAM_SUCCESS.

3. Greeter themes

What is the impact to the OpenSolaris branding given the new theme 
restrictions ?

--
Darren J Moffat
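
The account filtering raised in point 2, as an added example that is not part of the original message and is not GDM or GNOME code: it hides accounts with a uid below 100 and also the three reserved uids quoted above, and stops listing once the account count passes a limit. The names is_listable and count_faces and the MAX_FACES value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MIN_USER_UID 100   /* threshold quoted in the message */
#define MAX_FACES    50    /* assumed cap; past it, fall back to a plain prompt */
/* Reserved high uids taken from the passwd lines quoted in the message. */
static const long reserved_uids[] = { 60001, 60002, 65534 };

/* Return the uid (third field) of a passwd(4) line, or -1 if malformed. */
static long passwd_uid(const char *line)
{
    const char *p = strchr(line, ':');               /* end of login name */
    if (p == NULL || (p = strchr(p + 1, ':')) == NULL) return -1;
    char *end;
    long uid = strtol(p + 1, &end, 10);
    if (end == p + 1 || *end != ':' || uid < 0) return -1;
    return uid;
}

/* 1 if the account may be listed, 0 for system or malformed entries. */
int is_listable(const char *line)
{
    long uid = passwd_uid(line);
    if (uid < MIN_USER_UID) return 0;                /* also rejects -1 */
    for (size_t i = 0; i < sizeof reserved_uids / sizeof reserved_uids[0]; i++)
        if (uid == reserved_uids[i]) return 0;
    return 1;
}

/* Count listable accounts; -1 means too many to display (NIS/LDAP case). */
int count_faces(const char *const *lines, size_t n)
{
    int shown = 0;
    for (size_t i = 0; i < n; i++)
        if (is_listable(lines[i]) && ++shown > MAX_FACES) return -1;
    return shown;
}

int main(void)
{
    /* Constructed sample; the three reserved entries are those quoted above. */
    const char *const sample[] = {
        "root:x:0:0:Super-User:/:/sbin/sh",
        "nobody:x:60001:60001:NFS Anonymous Access User:/:",
        "noaccess:x:60002:60002:No Access User:/:",
        "nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:",
        "alice:x:1001:10:Alice Example:/home/alice:/bin/bash",
    };
    printf("faces to show: %d\n", count_faces(sample, 5));
    return 0;
}
```

The filter reads only the passwd entry itself, so it does not touch any home directory before authentication.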
