Darren: Thanks for your questions.
> 1. Lack of Failsafe session. > > I see this as a major issue. I use the failsafe session more when I'm > not on the console than when I am. In particular I often use failsafe > when connecting using VNC or a lot when using Sun Ray. A common use case > for me is when connecting to the same server that already has another > Sun Ray, VNC or console session - because I still don't trust GNOME not > to screwup my config with multiple active session against he same home dir. After reviewing how the new GDM is installed on other distros, we noticed that they are shipping a /usr/share/xsessions/xterm.desktop which allows users to log into an xterm, rather than the full GNOME desktop. So, we have also added this to our GDM builds and I have updated the Exported Interface table to include this xterm.desktop file. I think this will meet your needs. > 2. Default using face browser > > What is the definition of a system account ? I appreciate your concern about how the Face Browser works, since it never worked very well with the old GDM, especially in environments where NIS/LDAP is used. However, the new face browser is much more intelligent. It uses the following logic to filter out system users: - Filters out all accounts under 100. - Filters out all accounts that do not have a valid shell - It only adds users that are in /etc/passwd and users that have logged in previously. So, no users will be shown who are NIS/LDAP users unless they have logged in previously. Note when the Face Browser is shown, you can click on the "Other" (meaning "Other User") button and enter the username and password. If you enter a username that is not a system user (UID<100), then that user will show-up in the face browser in subsequent logins. The list of recent users is managed by ConsoleKit and stored in the file /var/log/ConsoleKit/history, so there is a unique history per-machine. > The reason I ask is because the GNOME users and groups tool gets this > wrong on Solaris. It correctly hides by default all those accounts with > a uid < 100 but it doesn't hide the other reserved system accounts: > > nobody:x:60001:60001:NFS Anonymous Access User:/: > noaccess:x:60002:60002:No Access User:/: > nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: Since these users do not have valid shells specified, these would not be shown. > What about when NIS or LDAP is in use ? Do we really want GDM attempting > to display 38,000+ accounts ? As I explain above, this should not be an issue. > Does the face browser need to read anything in the users home dir ? If > so it must be disabled by default since it can cause a downgrade attack > if the users home directory is supposed to be mounted with Kerberos by > default (but can fall back to sys). We have gone to great lengths over > the years to ensure that no login program ever touches the users home > directory until after pam_authenticate() and pam_setcred() have returned > PAM_SUCCESS. Yes, the user's image file is loaded from the user's $HOME directory before authentication. As I explained before, we can disable the Face Browser if we want by default. All other distros turn on the Face Browser by default, and users disable it when needed. Note that if we choose to turn on the Face Browser by default, that the Sun Ray install process would turn it off. I think many of the cases where the Face Browser would not be desired would be in Sun Ray environments (e.g. Trusted Solaris). So, if we choose to turn on the Face Browser by default, many users who do not want it (e.g. Sun Ray users) would have it turned off by default. But, if it is a requirement that Solaris by default does not touch the user's $HOME directory before authentication, then the Face Browser would need to be turned off by default. Do we want to be different than other distros in this regard because of this kerberos requirement? > 3. Greeter themes > > What is the impact to the OpenSolaris branding given the new theme > restrictions ? The new GDM greeter only allows the specification of the background image to be used with the new GDM. Unless the "gdm" user is configured to use a different background image, it will use the same background that is shown by default for a user session. So, without any extra work, it will already use the same branded background we use for the user sessions. We can change that if we think a different branded background for the GDM screen improves the branding. It is also possible to brand the new GDM by using any of the configuration options specified in the ARC case, such as turning off the Face Browser if desired. Another impact is that we no longer need to deliver the old GDM branding files in the SUNWgnome-themes package (e.g. files installed to /usr/share/gdm/themes), since they won't be used any longer. The ARC case already highlights that /usr/share/gdm/themes is an Obsolete interface, but I could add a mention in the onepager that this has an impact on the SUNWgnome-themes package if you think that is interesting. Brian
