Login Banner

Design, can you please pick the best location to place a banner?

Hi George,

Thanks for the bug report. Can you give an example of a banner that would be shown? In particular how big should it be (i.e. how many lines of text) and does it need any special markup (e.g. bold, italic, font size)? Are images required?

For reference, I have attached 2 images from Lucid. The first one shows the login screen (with user listing disabled) without a login banner. The second one shows the login screen with a login banner.

In the past, when I enabled a login banner it was just text without special markup or images. The length of a login banner will vary from site to site as they are drafted by legal departments and must contain key phrases to meet legal obligations.

I currently use the following text (sanitized):

"This Information Resource is the property of <COMPANY>. The most current terms of use for this Information Resource can be found at <CORPORATE WEBSITE>. It is your responsibility to read, understand, and comply with <COMPANY> terms of use at all times. Unauthorized access is prohibited."

for some more examples of banners see pages 210 - 212 of http://www.justice.gov/criminal/cybercrime/docs/ssmanual2009.pdf

Hopefully that is a good starting point...

Thanks George, that's very useful. Is it important that the user needs to explicitly click through / acknowledge the banner or does it just need to be visible?

And also does the banner only need to appear when the login screen appears or each time a login occurs. e.g. If I walk up and login after someone else has closed the banner previously and I don't see it is that a problem?

The login banner can just be a simple text box without a button to click to acknowledge. Generally, if the user reads the banner and logs onto the box that means they agree to the terms presented in the logon banner.

The login banner must be displayed at the login screen for every login. Think of this as the graphical version of placing a login banner in /etc/update-motd.d to be displayed when someone uses SSH to access the box.

If it helps any, you can see how this was implemented in GDM in 10.04 (the commands do not work in the version of GDM used in 12.04) by running the following commands below. This is what I ran to set up the machine from which I took the screenshots previously attached.

# Disable user list
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type boolean --set /apps/gdm/simple-greeter/disable_user_list True

# Set login banner text
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /apps/gdm/simple-greeter/banner_message_text_nochooser"This Information Resource is the property of <COMPANY>. The most current terms of use for this Information Resource can be found at <CORPORATE WEBSITE>. It is your responsibility to read, understand, and comply with <COMPANY> terms of use at all times. Unauthorized access is prohibited."

# Enable login banner
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type boolean --set /apps/gdm/simple-greeter/banner_message_enable true

workaround:

  It is possible to use "greeter-setup-script" and "session-setup-script" with lightdm . This allows a user ro run a scrip to pop-up a dialog via zenity to present a information dialog.

-----------------------------------------------------

$ cat /etc/lightdm/lightdm.conf
 ...
# greeter-setup-script = Script to run when starting a greeter (runs as root)
# session-setup-script = Script to run when starting a user session (runs as root)
session-setup-script = /usr/bin/motorola

-----------------------------------------------------

$ cat /usr/bin/motorola
#!/bin/sh
#
# This is a example of what can be done
zenity --info --text Hi
# kIll gnome/unity session
killall -9 gnome-session

-----------------------------------------------------