On Fri, 2008-05-23 at 09:06 -0400, Matthias Clasen wrote:
The backend needs to be flexible enough to support more enterprise-oriented frontends, sure. Perhaps that hasn't been stated clearly enough. Wrt to storage, I think we are pretty much within the standard LDAP user schema.
Do you access LDAP directly or do you use libuser -- for s-c-users, libuser abstracted local user accounts from LDAP ones enough so that it could handle local as well as directory accounts without (any= much? haven't checked lately) distinction in the tool.
Clicking on the face image brings up a dialog for selecting the user image which offers a set of predefined images, as well as an option to use a webcam (if available), a simple drawing tool (such as MeMaker) or pick an image from the filesystem. Fine point: when showing the predefined faces, we should indicate which ones are already 'taken'. This dialog has not been mocked up yet. When creating a new user, it initially gets a randomly picked image from the predefined images (excluding those that are already used for a different user)
I don't think that's a good idea, as there are too many ways to unintentionally insult people by picking the wrong one, even colors can have bad connotations in some cultures ("Your @*§$"!§%" tool picked {a monkey, something green, ...} for my account, now I'll {have your guts, not do any business with you again, ...}!").
Or maybe we just make the business customers use the other frontend...
I think that point's valid enough for home users. Even if we ignore home/SMB use as a potential business market, we surely don't want to hurt users' feelings. I don't like having to jump through hoops to achieve that as much as anybody else, but I'd rather not pull a "Pajero"[1] if it can be avoided -- I recently read an article in the newspaper about clashes of cultures and it's amazing how things that are innocuous in one culture are offensive in another.
[1]: http://en.wikipedia.org/wiki/Mitsubishi_Pajero
Which makes "Show list of users" in the login settings kind of dead in the water, unless that list of users is somehow limited, e.g. to people who were logged into the system in a certain timeframe (e.g. since 4 weeks before the last successful login), and/or people who have been created on that system, ...
...which is pretty much exactly what the user list in the greeter already does.
That's nice. On account of not using LDAP/NIS/Kerberos on any of my systems (which have a gdm login screen), I wasn't aware of that it makes such a distinction. The last thing in that context I heard about was fast-user-switch-applet excessively burning CPU cycles to enumerate all NIS users (multiplied by a number of these applets running concurrently on a VNC/NX terminal server ;-), so I wanted to cover that bit.
Nils