Skip to the content of the web site.

Linux.LoginBrowser r15 - 28 Nov 2005 - 19:32:52 - AlexBencz

Edit this Topic: Linux.LoginBrowser View this Topic: Raw Text | Printable Version
Other topic actions: Attach Files/Photos | Delete, Rename, Compare...
Go to: PrimaryNav | SecondNav | WebPreferences | TWikiPreferences | Topics | Index
Topic revisions: Revision History | Total page history | Web Changes
Display with skin: uw2home | uw3home | uw2content | uw3content | plain

UWclfSkin © 2005, 2007 University of Waterloo | Page revision history: r15 < r14 < r13 < r12 < r11
The login browser is similiar to what is found on Nexus machines and is based on the pygtkmozembed module available for python. It consists of about an hundred lines of python code that provides the locked down features necessary for a login browser. The source code is available in the linxus-login-browser debian package. There is also a shell script, login_browser.sh that calls the login browser and then calls gdmlogin after finishing. This script is available in the linxus-base package or in the cfengine configuration tree.

-- DavidCollie - 09 Sep 2005

The login browser shell script is located at /etc/X11/login_browser.sh and is called during gdm's initialization. The file /etc/X11/gdm/gdm.conf controls this behaviour through the two configuration lines:

...
Greeter=/etc/X11/login_browser.sh
...
RemoteGreeter=/etc/X11/login_browser.sh
...

Security

Using the default configuration, the browser will ask to remember a user's username/password if they use the browser to reset profile, check e-mail, etc. This poses a security risk if the browser is not closed (and thus the password cache not cleared). If the user choses to save username/password it would be possible for another to access their email or otherwise disrupt the account. The current method of fixing this is editing the Mozilla preferences in /usr/lib/mozilla/defaults/pref/browser-prefs.js; making sure that the option signon.rememberSignons is set to false:

...
pref("signon.rememberSignons", false);
...

Edit: This fix has been added to cfengine (in the linxus_gdm.cf script) and is executed for machines with the linxus_gdm class.

-- AlexBencz - 28 Nov 2005