A new user management tool

Nils Philippsen nphilipp at redhat.com
Fri May 23 14:25:31 UTC 2008 

On Fri, 2008-05-23 at 09:06 -0400, Matthias Clasen wrote:

> The backend needs to be flexible enough to support more
> enterprise-oriented frontends, sure. Perhaps that hasn't been stated
> clearly enough. Wrt to storage, I think we are pretty much within the
> standard LDAP user schema.

Do you access LDAP directly or do you use libuser -- for s-c-users,
libuser abstracted local user accounts from LDAP ones enough so that it
could handle local as well as directory accounts without (any= much?
haven't checked lately) distinction in the tool.

> > > Clicking on the face image brings up a dialog for selecting the user image which offers a set of  
> > > predefined images, as well as an option to use a webcam (if available), a simple drawing tool  
> > > (such as MeMaker) or pick an image from the filesystem. Fine point: when showing the 
> > > predefined faces, we should indicate which ones are already 'taken'. This dialog has not been 
> > > mocked up yet. 
> > > When creating a new user, it initially gets a randomly picked image from the predefined 
> > > images  (excluding those that are already used for a different user) 
> > 
> > I don't think that's a good idea, as there are too many ways to
> > unintentionally insult people by picking the wrong one, even  colors can
> > have bad connotations in some cultures ("Your @*§$"!§%" tool picked {a
> > monkey, something green, ...} for my account, now I'll {have your guts,
> > not do any business with you again, ...}!").
> 
> Or maybe we just make the business customers use the other frontend...

I think that point's valid enough for home users. Even if we ignore
home/SMB use as a potential business market, we surely don't want to
hurt users' feelings. I don't like having to jump through hoops to
achieve that as much as anybody else, but I'd rather not pull a
"Pajero"[1] if it can be avoided -- I recently read an article in the
newspaper about clashes of cultures and it's amazing how things that are
innocuous in one culture are offensive in another.

[1]: http://en.wikipedia.org/wiki/Mitsubishi_Pajero

> > Which makes "Show list of users" in the login settings kind of dead in
> > the water, unless that list of users is somehow limited, e.g. to people
> > who were logged into the system in a certain timeframe (e.g. since 4
> > weeks before the last successful login), and/or people who have been
> > created on that system, ...
> 
> ...which is pretty much exactly what the user list in the greeter
> already does.

That's nice. On account of not using LDAP/NIS/Kerberos on any of my
systems (which have a gdm login screen), I wasn't aware of that it makes
such a distinction. The last thing in that context I heard about was
fast-user-switch-applet excessively burning CPU cycles to enumerate all
NIS users (multiplied by a number of these applets running concurrently
on a VNC/NX terminal server ;-), so I wanted to cover that bit.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp at redhat.com
"Those who would give up Essential Liberty to purchase a little Temporary
 Safety, deserve neither Liberty nor Safety."  --  B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

More information about the Fedora-desktop-list mailing list