Red Hat Bugzilla – Bug 494874
Authconfig changes to support multistack GDM work
Last modified: 2009-04-10 12:09:48 EDT
So one thing I'd like to get finished up before F11 is this feature:
Part of this feature requires some changes to authconfig. We need to write out separate files for distinct ways of interacting with the machine. So for instance, we need a separate service configuration for smartcard authentication, one for fingerprint authentication, and one for password authentication.
We could ship these service files in GDM but then they wouldn't get updated when the user runs authconfig to e.g. enable Kerberos.
Created attachment 338712 [details]
A proposed patch
This patch changes authconfig to write out the three new service files (and still keeps around the aggregate system-auth service file)
Created attachment 338713 [details]
PAM spec file changes
In order for the authconfig changes in attachment 338712 [details] to work we need to update the PAM package to ship new initial service files.
The GDM changes are being actively worked on here:
(on the multi-stack branch)
if you're interested.
The basic idea behind the change is rather than trying to aggregate 3 independent interactions into one conversation, we have 3 conversations running simultaneously, and GDM manages switching between them as appropriate.
This let's us, for instance, swipe our finger while asking for username. It's also makes it a lot easier to upstream the GDM smartcard changes I did in RHEL5, since they now are in a plugin instead of bolted on to the side of the code.
I had to slightly modify the alternative stacks, there were some problems.
Built in rawhide. Ray, please test if you can.