diff options
| author | Ray Strode <rstrode@redhat.com> | 2011-06-13 13:18:14 -0400 |
|---|---|---|
| committer | Ray Strode <rstrode@redhat.com> | 2011-06-13 20:02:00 -0400 |
| commit | 45654e9e3c821afd0e1e6691a7f443580ec99bf3 (patch) | |
| tree | 27bcfd2ea166a5a4c626329b7c6fddffff7223f5 | |
| parent | 091bcf101c2721a4baa3ba27ae02c4e075385207 (diff) | |
| download | gdm-wip/multi-stack.tar.gz | |
doc: mention new split authentication featurewip/multi-stack
This commit updates the docs to mention the new
split authentication feature recently added.
| -rw-r--r-- | docs/C/gdm.xml | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/docs/C/gdm.xml b/docs/C/gdm.xml index c5103019..fc8b57b4 100644 --- a/docs/C/gdm.xml +++ b/docs/C/gdm.xml @@ -265,17 +265,39 @@ <para> The greeter program is run as the unprivileged "gdm" user/group. This user and group are described in the - "Security" section of this document. The main function of - the greeter program is to authenticate the user. The authentication + "Security" section of this document. The main functions of + the greeter program are to provide a mechanism for selecting + an account for log in and to drive the dialogue between + the user and system when authenticating that account. The authentication process is driven by Pluggable Authentication Modules (PAM). The PAM modules determine what prompts (if any) are shown to the user to authenticate. On the average system, the greeter program will request a username and password for authentication. However some systems may - be configured to use alternative mechanisms such as a fingerprint or - SmartCard reader. GDM and PAM can be configured to not require any + be configured to use supplemental mechanisms such as a fingerprint or + SmartCard readers. GDM can be configured to support these + alternatives in parallel with greeter login extensions and the + <command>--enable-split-authentication</command> + <filename>./configure</filename> option, or one at a + time via system PAM configuration. + </para> + + <para> + The smartcard extension can enabled or disabled via the + <filename>org.gnome.display-manager.extensions.smartcard.active</filename> + gsettings key. + </para> + + <para> + Likewise, the fingerprint extension can enabled or disabled via the + <filename>org.gnome.display-manager.extensions.fingerprint.active</filename> + gsettings key. + </para> + + <para> + GDM and PAM can be configured to not require any input, which will cause GDM to automatically log in and simply start a session, which can be useful for some environments, such as - for kiosks. + single user systems or kiosks. </para> <para> |