Comment 2 for bug 1042907

Revision history for this message
Robert Ancell (robert-ancell) wrote :

I'm not going to provide this interface in LightDM due to:
- All other DMs will have the same problem
- The interface is GDM specific
- (as I understand it) It allows a session process to run PAM calls remotely to authenticate. This is questionable security and opposes the design we have in LightDM for the login screen to be the lock screen.
- The interface is not trivial

So the solution as I see it is we will have to patch gnome-shell to handle not running inside GDM. The options are probably.

1. Not entering lock screen if the GDM interface is not present. This means no lock screen but is logical (no point locking if you know you can't unlock).
2. If the GDM interface is not present then falling back to the old gnome-screensaver method of unlocking. This means running the PAM calls yourself to authenticate. You can't authenticate as anyone but yourself and it's always been a bit of a hack (PAM generally assumes root access, the modules handle running as non-root for this case specifically).