Service interfaces
The user panel and other parts of the desktop currently use the AccountsService D-Bus service to obtain and manipulate user account information. AccountsService explicitly deals only with local accounts (i.e. /etc/passwd and utmp). It offers APIs to:
- List 'known' users (explicitly not 'all' users)
- Find a user by name or by uid
- Create, delete or lock user accounts
- Get a user's name, language, email, account type, photo
- Set a user's name, language, email, account type, photo
- Change a user's password
- Mark a user for automatic login
- Notify about any of these changes
The actual APIs can be found here: org.freedesktop.Accounts and org.freedesktop.Accounts.User
For integrating centrally managed user identities, a number of new APIs will be needed or desirable, including:
- Query writability of user attributes
- List available domains
- List 'secondary identities' of a user
- Authenticate for a 'secondary identity'
- 'Drop' a 'secondary identity'
- Notify about expiring passwords or tickets
- Obtain a 'token' to encrypt the user's keyring
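The get/set pairs listed above can be mapped from D-Bus introspection data, which shows which setters exist but not whether a given caller may use them on a given account; that gap is what the proposed "query writability" API addresses. The following is an added example, not AccountsService code: the XML is a constructed, abridged listing assumed to resemble org.freedesktop.Accounts.User, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, abridged introspection data in the standard D-Bus XML format.
# The listing is an assumption for illustration, not a dump from a live system.
INTROSPECTION_XML = """
<node>
  <interface name="org.freedesktop.Accounts.User">
    <property name="UserName" type="s" access="read"/>
    <property name="RealName" type="s" access="read"/>
    <property name="Email" type="s" access="read"/>
    <property name="AccountType" type="i" access="read"/>
    <property name="AutomaticLogin" type="b" access="read"/>
    <method name="SetRealName"><arg name="name" type="s" direction="in"/></method>
    <method name="SetEmail"><arg name="email" type="s" direction="in"/></method>
    <method name="SetAccountType"><arg name="accountType" type="i" direction="in"/></method>
    <method name="SetAutomaticLogin"><arg name="enabled" type="b" direction="in"/></method>
    <method name="SetPassword"><arg name="password" type="s" direction="in"/><arg name="hint" type="s" direction="in"/></method>
  </interface>
</node>
"""

USER_IFACE = "org.freedesktop.Accounts.User"

def _interface(xml_text, iface):
    """Return the <interface> element for iface, or raise LookupError."""
    root = ET.fromstring(xml_text)
    for node in root.iter("interface"):
        if node.get("name") == iface:
            return node
    raise LookupError(f"interface {iface!r} not present in introspection data")

def attribute_surface(xml_text, iface=USER_IFACE):
    """Map each property to its declared access flag and its Set<Name> method, if any."""
    node = _interface(xml_text, iface)
    methods = {m.get("name") for m in node.findall("method")}
    return {
        p.get("name"): {
            "access": p.get("access"),
            "setter": "Set" + p.get("name") if "Set" + p.get("name") in methods else None,
        }
        for p in node.findall("property")
    }

def write_only_methods(xml_text, iface=USER_IFACE):
    """Set* methods with no readable property behind them (here, the password)."""
    node = _interface(xml_text, iface)
    props = {p.get("name") for p in node.findall("property")}
    return sorted(m.get("name") for m in node.findall("method")
                  if m.get("name").startswith("Set") and m.get("name")[3:] not in props)
```

In this listing every property is declared read-only and changes go through separate Set* methods, so a client cannot tell from the interface description alone whether a field is editable for the current user.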