On Tue, Aug 18, 2009 at 06:00:08PM -0500, Brian Cameron wrote: > [...] > But, this should not be a problem. As long as GDM exposes interfaces > that the installer, Users and Groups, and useradd(1M) interfaces can use to > configure GDM to show the right users in the Face Browser, this sort of > deeper integration should be possible.
Exactly :) That's what I want to see. That approach lets you solve the $HOME access issue and avoid naughty local user heuristics. > >If root is not a role, then why not put root in the face browser? > > Currently the code filters out UID's under 100. If someone thinks it > is important for GDM not to do this, then an ARC member will need to > say it would otherwise be a TCR. I'm not an ARC member, and I don't care very much about seeing non-role root appear in the face browser. But that does make me wonder: should GDM not filter out roles from the face browser as a general rule? And if one wanted to do per-user opt-in then user_attr(4) seems like a good place to manage that. > That said, in talking with the upstream GDM co-maintainers, we decided > it would be better to manage opt-in/opt-out via adding back the > Include/Exclude configuration options which were supported in the old > GDM. Again, see my other email for more details on how this will work. As long as that's manageable, I don't mind. (See above comment about user_attr(4), in case that's more palatable to you.) > >IMO: > > > > This is an issue, but it's an installer issue, not really a GDM > > issue. AI should almost certainly disable it by default, while the > > OpenSolaris installer should probably enable it by default. To > > force the matter GDM could have this feature disabled by default (a > > "safe" default), such that the OpenSolaris installer project team > > would have to do the enabling. > > It makes sense to me to file an enhancement request with the installer so > that the user can select whether they want the Face Browser turned on or > off by default. Or to just assume that if the user installs via the > graphical installer that they wish to have it on seems fine with me. It also makes sense to kick this can to some other project team :) Nico --