kde-workspace/kdm/TODO

- frontend doesn't handle async aborts correctly

- too many too big repaints in themer

- fix strings & add KUIT

- allow theme to specify gui-style & color-scheme.

- themer: interpret altfile attribute to image nodes

- initialize theming 'mode' properly. need to adapt action menu construction.
  problem: the modes do not cover certain kdmrc settings. (partial patch)

- do something about GreetString, i18n & theming. need some magic for the default.

- report critical startup errors to the console
- set LANGUAGE in the backend for i18n-capable PAM libs

- handle non-linux VTs:
  on systems without VT_GETSTATE, try activating all consoles in turn to
  find free ones. wow, this sucks so much.
  - BSD: 1st: pcvt, /dev/ttyC[0] (OpenBSD), /dev/ttyv[0] (other),
              also emulated by wscons on /dev/ttyE.
         2nd: syscons, /dev/ttyv[0], fallback /dev/vga
  - Lynx, /dev/atc[0]
  - Solaris, /dev/vt[00]
  - SVR4, /dev/vc[00] (ESIX), /dev/vt[00] (other)
  - SCO, /dev/tty[00], query current with CONS_GETINFO, counts 0-based
  ref: xorg/programs/Xserver/hw/xfree86/os-support/xf86_OSlib.h

- possibly parse Xserver log to find failure cause. this is very hacky.

- try harder to get rid of processes, see X servers failure cleanup path

- make auto-re-login (& EchoPasswd) per-user option; save in .dmrc.

- add Xserver option set selection (#56329)
- add support for XRandR (#48602)
save these options to .dmrc?

- per-display sections in .dmrc. read-only, as far as kdm is concerned, as
  otherwise the GUI would become insanely complex.

- make config position independent
- warn about conflicting {Static,Reserver}Servers settings. more sanity checks?
- parse /etc/kderc?
- merge multiple kdmrcs in the style of kconfig (#143456).
  how to set section priorities? the included file is recessive to *any*
  matching entry from the master file.

genkdmconf:
- config inherits paths that point directly into the previous installation:
  LogoPixmap & Theme in kdmrc, Wallpaper & WallpaperList in backgroundrc -
  to fix the latter, treat backgroundrc as an ini file, not as a text blob
- add proper quoting and dequoting to ini parser & writer
- determining *uid could use finding obviously valid uids (valid password,
  maybe home paths) and rounding

- kcm: deal with NoPassUsers=*
- kcm: detach backgroundrc change status from kdmrc change status.
- write a separate configurator application, as kcontrol does not scale well
  enough to cover all of kdm's options.

- write modern conv plugin. or maybe this should be a parallel vs. serial
  setting of the classic plugin? (#148110)
- change conversation plugin interface:
  - make gplugActivity() and gplugChanged() signals
    - how to handle the meta object? don't want a lib. probably include
      in every plugin (build system for external plugins?)
  - introduce signal userPresent() - equivalent to mouse motion. should
    prevent unlocker from going away, possibly should make unlocker pop up
    (would need to be emitted even if not running). should not prevent timed
    login.

- actually implement the libpam_client support

- check if pam works before trying to authenticate
- test whether nis, kerberos4 & kerberos5 work
- sync BSD_AUTH from xdm, sync osfc2 from kcheckpass

- Move clock from greeter dialog to desktop
- add more clock types (#18178)
- make kdm use plasma?
- add icons to action menu. icon theme selection!

- make greeter accels use ctrl instead of alt

- make auto-completion in login field cope with case-insensitivity

- Add XDMCP _client_ to core (for remote login like in dtlogin).
  Currently this is done by simply restarting the x-server with -query.
  Can't be done without extending XDMCP, though.

- many simultaneously running choosers will torture the target servers
  independently from each other.

- add login restrictions for reserve displays (#59353)

- possibly do the authentication for the reserve display on the display it
  is launched from (relates #59353)

- remote-accessible command sockets for remote shutdown, etc.
  or maybe implement it as an xdmcp extension?
- LoginMode=DirectQuery

- the per-display sockets are in fact nonsense; gdm's approach is better
- use dbus instead of command socket?

- add bgset to XDM_MANAGED
  add socket command "background\t{inprogress,aborted,done}"
- actually, remove XDM_MANAGED and do everything via the socket.

- lilo boot option <default>, i.e., -R with no argument
- support lilo -A mode

- support suspend/hibernate/standby in the shutdown menu. should this be really
  treated like a shutdown? (#33839)

- add language selection (export as LC_*). (#55379, #63804)
- add keymap selection (via xkb) (#51245, #64642)
for both, one would preset a list of available options and make one entry
the greeter's own setting. explicitly setting it sets it for both the greeter
and the session. .dmrc later affects only the session, not the greeter.

- handle failsafe internally, take care of focus. see #32973

- TryExec for "custom" session type. always show the entry, but disable it
  if it is unavailable for the selected user.

- cursor theming support via Xcursor (#66829)

- add screensaver (#41941)
- support DPMS (#18597)

- add a minimalistic window manager to the greeter (#17716, #51039)

- Different logos for each session type (see #74500)
- User pictures in logo field
- display user's .plan/.project (or .person? .userinfo?) in the greeter?
  text area/label would suck -> tooltip?

- allow disabling full names or login names in userview (#54110)
- user list loading in the background (after first few to get a reasonable
  width estimate)

- faking session parameters (type, language, etc.) of nonexistent users based
  on statistical analysis of actual users ... severe overkill!?

- export password to the startup/session scripts. somehow ... (#35396)

- maybe reset CapsLock in the greeter. there is some CapsLock vs. ShiftLock
  confusion, though.

- maybe add kiosk mode: the user and his options are preset and locked in
  the greeter. i doubt it's usefulness, though.

- make builtin xconsole hideable; it should free the device when invisible.
  possibly auto-hide it on vt switch - see krunner_lock for the x event
  handling.

- ssh-agent/gpg-agent integration (#44177, #65709)

- lbxproxy integration (tell ghakko)

- make shutdown an in-daemon function, not a pre-exit action.
  displays need to wake up again if nothing happens, though - add
  configurable shutdown timeout.
- when a shutdown is scheduled, don't remove all login possibilities.
  instead, display a warning in the greeter. use SIGUSR1 to notify already
  running greeters about changes.
- user notification about scheduled shutdown (and cancelled forced shutdown):
  - wall
  - greeter popup
  - d-bus message. this would be best, particularly because screen savers
    would need no special handling then.
- maybe bomb DefaultSdMode, save in state file instead. compare with ksmserver.

- gdm changelog indicates that PAM sometimes
  - continues despite PAM_CONV_ERR
  - asks user name twice
- gdm avoids the PAM_MESSAGE message box vs. prompt problem by displaying
  everything in one "error area". all messages are simply appended; an empty
  message clears the area.
- gdm stops cursor blinking on not used (remote) displays after 20 secs to
  save bandwidth.

internal stuff:
- sessreg.c does no file locking whatsoever
- improve signal handling in the subdaemon, it's incredibly racy (SIGTERM, etc).
  depends on proper main loop.
- greeter sometimes won't shutdown when killing kdm - prolly some race
- the process reaping from gClose should be in sync with the main loop.
- kill warning on AIX - see bug #13628 (really present?)
- xdmcp.c: make networkAddressToName use networkAddressToHostname?
- rethink the coupling of the kdm components, particularily the config reader.
  options:
  - keep things basically as-is, make the Xaccess interface even more flexible,
    add capability flags.
  - as previous, but don't use #defines, but textual constants. even more
    flexible, but slower, bigger, no compile-time checking, and the typing
    system would have to be more core-based. keys in the rc are considered
    invalid if they were not queried.
  - completely opposite: no explicit queries, but hard-code everything. that
    kills the idea of having one backend binary for multiple frontends, but
    that's a BlueSkyDream anyway.
    following that path, the config reader could be nuked at all. will have to
    do this for performance reasons anyway if some some sort of call-back
    mechanism for option values is added to allow some automation (depending
    on boot options, for example). possible callbacks are KConfig-like [$e]
    interpretation and an include statement that generates a config on the fly.

ralf says:
- put the kmenu sidebar image on the left of the greeter
- enable the clock by default

thoughts (not really todo):
- PAM sucks. big time.
  historically, it is completely incapable of operating in event-driven contexts
  when it comes to non-console authentication schemes. the module just hangs in
  pam_sm_authenticate() (pam_authenticate() to the outside), waiting for input
  from its device.
  then came linux-pam 0.58, introducing PAM_BINARY_{MSG,PROMPT} to the
  conversation function interface. no conversation function could handle the
  binary prompts generically, of course. so came linux-pam 0.63 with a client
  library that would add another layer of indirection, so the conversation
  function could simply call into it and it would do whatever was configured
  by the admin. and everbody was happy, right? wrong! i've yet to see a single
  module (except for the demo module in linux-pam, of course) that actually
  uses this feature. not to mention the non-existing portability (you don't
  seriously expect TOG to extend the PAM standard within the next decade, do
  you?). so we're right where we started from.
  this imposes problems in two use cases:
  - cancelling authentication alltogether. this happens when the user changes
    the authentication method or when the greeter exits for some reason. if
    the process waits in the conversation function, it can simply return
    PAM_CONV_ABORT. if the module hangs, we're screwed.
  - suspending authentication. this is needed for shutdowns that need auth.
    if the module hangs, we're screwed, of course. if we're waiting in the
    conversation function, we have three options: 1) just abort the auth
    cycle and start a new one. this is what is done currently. 2) just open
    a second pam handle and authenticate with it, all from within the "outer"
    pam_authenticate(). if we're lucky, no involved modules use static variables
    and things work out. 3) linux-pam 0.65 introduced the following: the
    conversation function can return PAM_CONV_AGAIN. this in turn makes the
    module and consequently libpam return PAM_INCOMPLETE, requesting the
    application to call the resp. libpam function again. in theory this
    guarantees that authentication with a second pam handle is safe. of course,
    PAM_INCOMPLETE is just as popular and thus useful as PAM_BINARY_PROMPT.
  we could just longjmp() out of hanging modules from a signal handler.
  however, this might lead to resource leaks and even leave us with an unstable
  libpam. killing the hanging process seems like the most viable solution.
  however, for this we first need to make the greeter a child of the master
  daemon. also, the display sub-daemon (which happens to do the main auth.)
  is responsible for keeping the initial X connection open. killing it would
  terminate the session according to the XDMCP spec. other issues are probable.
- multiple conv. plugins could be used in a row, each serving a pam module.
  the plugins would have to detect that it's their turn by filtering messages
  and prompts.
- consider making the menu an actions-only menu again and put an "options >>"
  button somewhere. relates #63401, #61492
- pipe .xsession-errors through the daemon and put a size limit on it.
  remove old logs in disk-full situation.


last sync with XFree86 HEAD: 2004-04-02