On Tue, Aug 18, 2009 at 06:00:08PM -0500, Brian Cameron wrote:
> [...]
> But, this should not be a problem.  As long as GDM exposes interfaces
> that the installer, Users and Groups, and useradd(1M) interfaces can use to
> configure GDM to show the right users in the Face Browser, this sort of
> deeper integration should be possible.

Exactly :)

That's what I want to see.  That approach lets you solve the $HOME
access issue and avoid naughty local user heuristics.

> >If root is not a role, then why not put root in the face browser?
> 
> Currently the code filters out UID's under 100.  If someone thinks it
> is important for GDM not to do this, then an ARC member will need to
> say it would otherwise be a TCR.

I'm not an ARC member, and I don't care very much about seeing non-role
root appear in the face browser.  But that does make me wonder: should
GDM not filter out roles from the face browser as a general rule?

And if one wanted to do per-user opt-in then user_attr(4) seems like a
good place to manage that.

> That said, in talking with the upstream GDM co-maintainers, we decided
> it would be better to manage opt-in/opt-out via adding back the
> Include/Exclude configuration options which were supported in the old
> GDM.  Again, see my other email for more details on how this will work.

As long as that's manageable, I don't mind.  (See above comment about
user_attr(4), in case that's more palatable to you.)

> >IMO:
> >
> >     This is an issue, but it's an installer issue, not really a GDM
> >     issue.  AI should almost certainly disable it by default, while the
> >     OpenSolaris installer should probably enable it by default.  To
> >     force the matter GDM could have this feature disabled by default (a
> >     "safe" default), such that the OpenSolaris installer project team
> >     would have to do the enabling.
> 
> It makes sense to me to file an enhancement request with the installer so
> that the user can select whether they want the Face Browser turned on or
> off by default.  Or to just assume that if the user installs via the
> graphical installer that they wish to have it on seems fine with me.

It also makes sense to kick this can to some other project team :)

Nico
-- 

Reply via email to