On Fri, Aug 14, 2009 at 12:04:53PM +0200, Joerg Barfurth wrote:
> Nicolas Williams schrieb:
> >On Thu, Aug 13, 2009 at 06:18:09PM -0500, Brian Cameron wrote:
> >>This sort of design is contrary to the way people want GDM to work
> >>on other distros, so I am unsure if the changes needed to make it work
> >>this way would go upstream. Most other distros want it to work with
> >>all local userids out-of-the-box as it does in other popular operating
> >>systems.
> >
> >I don't think the local user heuristics are a good idea on any Unix or
> >Unix-like OS. I don't mind if the upstream community prefers to have
> >those heuristics on Linux or *BSD, but I don't think those heuristics
> >are at all appropriate, so let's not have those on Solaris.
>
> Browsable user lists [*] are a standard feature of the login experience
> on most systems. They should be usable out of the box on a newly
> installed system. Local users added during installation or using local
> management tool should usually be part of the browseable list.
I believe you missed the point. It is NOT the case that the face
browser can't work out of the box just because there's an opt-in system.
That's because _obviously_ the installer can opt-in the user
automatically.
> The local/non-local distinction seems to be an obvious one to reconcile
> these requirements. But with local accounts a set of rules is needed to
> eliminate the system accounts.
On a personal system the installer can opt-in the user. Additional
users created by a useradd tool can also be automatically opted-in.
And the face browser can also list recently logged-in users.
That way the face browser can work out of the box with no local user
heuristics, no user enumeration. And it can work for local and
non-local users alike.
To make that work you need a local store of users that should appear in
the face browser. That could be /var/gdm/users/$username/{dmrc, face, ...}.
Depending on the install and other tools teams to manage the opt-in of
local users may seem annoying, but it allows GDM to avoid those
heuristics.
> >>- The users show up in the face browser after you log into them the
> >> first time.
> >
> >Yes that's fine.
> >
>
> The part where nobody shows up initially and newly added local users
> also don't show up is what I don't agree to:
You're taking parts of the thread out of context. See above.
Nico
--
