Unity Greeter - Custom change password prompts

Bug #838555 reported by Robert Ancell on 2011-09-01
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Ayatana Design
Mika Meskanen
unity-greeter (Ubuntu)

Bug Description

The greeter needs to support complex authentication requests from the system. The current implementation has a text line between the username and the password box, but this can only support a small amount of text.

The authentication process prompts the greeter with:
- One or more "messages" to display (could be multiple lines)
- One or more errors to display (could be multiple lines)
- One or more prompts to display (with the input set to show or hide)

In a traditional text login these messages / are displayed on the screen and appended to the existing text, e.g.
login: bob
password: *******
You need to change your password, please enter a new one
The password must be more than 5 characters and contain a mix of letters and numbers
new password: ****

Tags: udp Edit Tag help
Changed in unity-greeter:
status: New → Triaged
importance: Undecided → High
Robert Ancell (robert-ancell) wrote :

The messages and prompts are completely system defined and the greeter cannot tell what sort of message they are except by checking the text that they have (e.g. we match "password:" to be a password prompt).

Some suggestions of messages that may be displayed:
- Error message if the account is locked (authentication fails)
- Prompt to change password after logging in (see bug description for example)
- Prompt to enter an RSA key number (prompt input is not hidden like a password)
- Display a disclaimer that needs to be acnowledged to allow login

John Lea (johnlea) on 2011-09-06
Changed in ayatana-design:
assignee: nobody → Mika Meskanen (mesq)
importance: Undecided → High
Changed in unity-greeter (Ubuntu):
status: New → Triaged
importance: Undecided → High
Mika Meskanen (mika) wrote :

I looked into this by wireframing a Change Password type of a user journey.

Please have a look at the attached PDF – if you open it in a proper viewer you should also be able to go through it by clicking on the hotlinked buttons (Continue, Back etc.)

I'm optimistic that this pattern can solve a number of complex authentication use cases – so please feel free to throw nukes at it and push any requirements this way…

Robert Ancell (robert-ancell) wrote :

Ooh, that's really slick! I also like the logging in spinner, as it felt like we were missing something to do once authentication was complete.

Mika Meskanen (mika) wrote :

Good good!
Here's Rosie's visuals to accompany the piece…

Robert Ancell (robert-ancell) wrote :

So, I think the logic is, if Unity Greeter interprets a prompt from PAM as a username or password entry it displays those as it does currently. If any other prompt is detected, it uses a "continue" button, then slides to the "complex authentication dialog" which can ask those questions / show prompts.

Michael Terry (mterry) wrote :

FYI, to force the system to prompt for your password for testing, run the following (changing the "User1000" as appropriate):

dbus-send --print-reply --system --dest=org.freedesktop.Accounts /org/freedesktop/Accounts/User1000 org.freedesktop.Accounts.User.SetPasswordMode int32:1

Michael Terry (mterry) wrote :

Mika, at least in the change-password use case, I don't believe the login system will tell us upfront whether the user will have to change their password.

Rather, it will wait until the user tries to log in. So how terrible would it be if the workflow changed from

Continue Button -> (slide in) -> Current Password -> New Password -> Confirm -> Success


Current Password -> (slide in) -> New Password -> Confirm -> Success


Michael Terry (mterry) wrote :

Right now, lightdm doesn't even handle changing the password correctly. It errors out about authentication issues. I filed bug 911597 and branch https://code.launchpad.net/~mterry/lightdm/pam-tty/+merge/87432 about it.

I'll leave this bug about the presentation in unity-greeter.

Martin Pitt (pitti) on 2012-01-11
Changed in unity-greeter (Ubuntu):
assignee: nobody → Michael Terry (mterry)
Michael Terry (mterry) on 2012-01-12
Changed in unity-greeter (Ubuntu):
status: Triaged → In Progress
Michael Terry (mterry) on 2012-02-23
Changed in unity-greeter (Ubuntu):
assignee: Michael Terry (mterry) → nobody
status: In Progress → Triaged
Lars Düsing (lars.duesing) wrote :

There is another problem linked with this - too few space for complex PAM-dialogs: See LP: #968855

Robert Ancell (robert-ancell) wrote :

I've opened bug 1043593 to track the multiple prompt part of this bug.

John Lea (johnlea) on 2012-09-19
Changed in ayatana-design:
status: New → Fix Committed
summary: - Support complex authentication requests
+ Unity Greeter - Support complex authentication requests
tags: added: udp
Michael Terry (mterry) wrote :

Marking Won't Fix for raring, as I likely won't be able to get to this (getting this off my status radar). If someone else wants to pick it up, be my guest and re-open! Otherwise, hopefully we can get to it in S.

summary: - Unity Greeter - Support complex authentication requests
+ Unity Greeter - Custom change password prompts
Changed in unity-greeter (Ubuntu Raring):
status: Triaged → Won't Fix
no longer affects: unity-greeter
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints