Ayatana Design

Unity Greeter - Custom change password prompts

Bug #838555 reported by Robert Ancell
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Ayatana Design
Fix Committed
High
Mika Meskanen
unity-greeter (Ubuntu)
Triaged
High
Unassigned
Raring
Won't Fix
High
Unassigned

Bug Description

The greeter needs to support complex authentication requests from the system. The current implementation has a text line between the username and the password box, but this can only support a small amount of text.

The authentication process prompts the greeter with:
- One or more "messages" to display (could be multiple lines)
- One or more errors to display (could be multiple lines)
- One or more prompts to display (with the input set to show or hide)

In a traditional text login these messages / are displayed on the screen and appended to the existing text, e.g.
login: bob
password: *******
You need to change your password, please enter a new one
The password must be more than 5 characters and contain a mix of letters and numbers
new password: ****

Tags: udp
Robert Ancell (robert-ancell)
Changed in unity-greeter:
status: New → Triaged
importance: Undecided → High
Revision history for this message
Robert Ancell (robert-ancell) wrote :

The messages and prompts are completely system defined and the greeter cannot tell what sort of message they are except by checking the text that they have (e.g. we match "password:" to be a password prompt).

Some suggestions of messages that may be displayed:
- Error message if the account is locked (authentication fails)
- Prompt to change password after logging in (see bug description for example)
- Prompt to enter an RSA key number (prompt input is not hidden like a password)
- Display a disclaimer that needs to be acnowledged to allow login

John Lea (johnlea)
Changed in ayatana-design:
assignee: nobody → Mika Meskanen (mesq)
importance: Undecided → High
Robert Ancell (robert-ancell)
Changed in unity-greeter (Ubuntu):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Mika Meskanen (mika) wrote :

I looked into this by wireframing a Change Password type of a user journey.

Please have a look at the attached PDF – if you open it in a proper viewer you should also be able to go through it by clicking on the hotlinked buttons (Continue, Back etc.)

I'm optimistic that this pattern can solve a number of complex authentication use cases – so please feel free to throw nukes at it and push any requirements this way…

Revision history for this message
Robert Ancell (robert-ancell) wrote :

Ooh, that's really slick! I also like the logging in spinner, as it felt like we were missing something to do once authentication was complete.

Revision history for this message
Mika Meskanen (mika) wrote :

Good good!
Here's Rosie's visuals to accompany the piece…

Revision history for this message
Robert Ancell (robert-ancell) wrote :

So, I think the logic is, if Unity Greeter interprets a prompt from PAM as a username or password entry it displays those as it does currently. If any other prompt is detected, it uses a "continue" button, then slides to the "complex authentication dialog" which can ask those questions / show prompts.

Revision history for this message
Michael Terry (mterry) wrote :

FYI, to force the system to prompt for your password for testing, run the following (changing the "User1000" as appropriate):

dbus-send --print-reply --system --dest=org.freedesktop.Accounts /org/freedesktop/Accounts/User1000 org.freedesktop.Accounts.User.SetPasswordMode int32:1

Revision history for this message
Michael Terry (mterry) wrote :

Mika, at least in the change-password use case, I don't believe the login system will tell us upfront whether the user will have to change their password.

Rather, it will wait until the user tries to log in. So how terrible would it be if the workflow changed from

Continue Button -> (slide in) -> Current Password -> New Password -> Confirm -> Success

to

Current Password -> (slide in) -> New Password -> Confirm -> Success

?

Revision history for this message
Michael Terry (mterry) wrote :

Right now, lightdm doesn't even handle changing the password correctly. It errors out about authentication issues. I filed bug 911597 and branch https://code.launchpad.net/~mterry/lightdm/pam-tty/+merge/87432 about it.

I'll leave this bug about the presentation in unity-greeter.

Martin Pitt (pitti)
Changed in unity-greeter (Ubuntu):
assignee: nobody → Michael Terry (mterry)
Michael Terry (mterry)
Changed in unity-greeter (Ubuntu):
status: Triaged → In Progress
Michael Terry (mterry)
Changed in unity-greeter (Ubuntu):
assignee: Michael Terry (mterry) → nobody
status: In Progress → Triaged
Revision history for this message
Lars Düsing (lars.duesing) wrote :

There is another problem linked with this - too few space for complex PAM-dialogs: See LP: #968855

Revision history for this message
Robert Ancell (robert-ancell) wrote :

I've opened bug 1043593 to track the multiple prompt part of this bug.

John Lea (johnlea)
Changed in ayatana-design:
status: New → Fix Committed
summary: - Support complex authentication requests
+ Unity Greeter - Support complex authentication requests
tags: added: udp
Revision history for this message
Michael Terry (mterry) wrote :

Marking Won't Fix for raring, as I likely won't be able to get to this (getting this off my status radar). If someone else wants to pick it up, be my guest and re-open! Otherwise, hopefully we can get to it in S.

summary: - Unity Greeter - Support complex authentication requests
+ Unity Greeter - Custom change password prompts
Changed in unity-greeter (Ubuntu Raring):
status: Triaged → Won't Fix
Robert Ancell (robert-ancell)
no longer affects: unity-greeter
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.