Design Notes for a Greeter Plugin System

We have started to throw around some ideas on how to create a plug in system to allow the log in greeter to be adaptable.

Use Cases

Identification / Authentication

• (Separate?)

Identification

NSS is clearly deficient here.

We'd like to be able to (at least):

• Query / store user photos (avatars)
• Query user account status in an implementation/backend independent way (locked, expired etc)
• Query the user's real world name etc (ie. not just gecos)
• Receive user added / removed notifications
• Receive user property changed notifications (picture / real name / etc changed)
• Domain / realm chooser
  • Should only be displayed when applicable
• Username text entry
  • Perhaps only displayed when there is a remote Directory Service source.
• Face browser
  • Should "remember" most recent / frequent users on this particular seat

Authentication

One problem is how to display the prompts for the various modules marked as sufficient.

• PAM module specific UI
• Ability to authenticate against web services (may not translate well as a PAM module)

  • Support for Captcha?

• Password reminder support
• Self service password reset

Relevant Art

Other Operating Systems

References

• http://mail.gnome.org/archives/gdm-list/2007-October/msg00008.html