Darren: >> Looking more closely at the GDM code, I see that it has a hardcoded list >> of users to not show in the face browser. These include: >> >> "bin" >> "root" >> "daemon" >> "adm" >> "lp" >> "sync" >> "shutdown" >> "halt" >> "mail" >> "news" >> "uucp" >> "operator" >> "nobody" >> GDM_USERNAME (normally the "gdm" user) >> "postgres" >> "pvm" >> "rpm" >> "nfsnobody" >> "pcap" > > That list looks very "Linuxy" :-) > > It needs to have noaccess and nobody4 added to it for OpenSolaris.
It should not be a problem to add "noaccess" and "nobody4" to the list. However, these users do not show up in the Face Browser because GDM uses fgetpwent and checks to see if the user's SHELL is NULL. Since these accounts have no shell defined in /etc/passwd, they are already filtered out. > and still does the < 100 check ? > >>> Can gdm determine which users are locked? >> >> No. GDM currently excluses users under MinimalUID (100), users without >> valid shells, and users in the above list. >> >> It should not be hard to add extra logic to avoid adding other users >> if appropriate. For example, is there a way to check which users are >> locked? I am sure code could be added to exclude other types of >> appropriate users. > > *LK* in as the first four chars of the password field. This is defined > in shadow(4). Note that the code which checks if users are valid is run by the login GUI currently, which runs as the "gdm" user. Does a process running as the "gdm" user have the ability to check this field for the "*LK*" string? Is it necessary to check for this if GDM already filters out accounts that do not have a shell defined in /etc/passwd? Brian
