1.2. I Need a Custom Login MenuOne thing many managers like is consistency. In many organizations, that starts with what everyone sees at the beginning of the day, the login menu. In this annoyance, I'll show you how you can customize and standardize the GNOME and KDE login menus. But first, you need to select a standard login manager for your workstations. 1.2.1. Configuring the Preferred Login MenuWhether you want to use GNOME, KDE, or another GUI desktop, you need to select your preferred login manager. Even if you're running GNOME desktops, you can still use the KDE login manager, and visa versa. Each of the book's preferred distributions allows you to select the preferred login manager in a configuration file specific to that distribution, as described in Table 1-1.
As you review what each login manager can do in this annoyance, you may change your mind on what's best. You can always return to this section and configure a different preferred login manager for your systems. If you're configuring a standard across many users' computers, you'll have to copy the appropriate file to the other systems that you administer. 1.2.2. Customizing the GNOME Login MenuBefore you start editing the GNOME Login Menu, back up the defaults in the GNOME configuration directory. The location of this directory varies by distribution. As of this writing, it is:
As distributions evolve, these directories may change. To find the directory on your distribution, run one of the following commands: rpm -ql gdm | grep gdm.conf dpkg -L gdm | grep gdm.conf If you get no output, either you haven't installed the GNOME Login Menu package or the name of the directory has changed. The standard tool to edit the GNOME Login Menu is the Login Screen Setup tool, which you can start with the gdmsetup command. This opens the Login Screen Setup window shown in Figure 1-5. I'll examine each of the tabs in turn. Figure 1-5. The GNOME Login Screen Setup window
1.2.2.1. GeneralThe General tab defines the basic settings associated with the GNOME Display Manager login screen and allows you to configure several options, which are described in Table 1-2. Be aware that SUSE Linux Professional enables automatic logins by default. This is all right for a system dedicated to a single user in an environment, such as laptop or home office, where intruders are not expected to meddle with it. It also is a good choice for a locked-down public terminal offering a guest account. It should be disabled otherwise.
1.2.2.2. Standard greeterUnder the "Standard greeter" tab, you can configure the look and feel of the Standard Greeter for local and remote users. You can configure a logo and an image (or enable "choosable" images so each user can configure her image to her taste), as well as a background image and color. The Standard Greeter is known as the GTK+ Greeter in Fedora Core. 1.2.2.3. Graphical greeterUnder the "Graphical greeter" tab, you can configure the look and feel of the Graphical Greeter for local and remote users. Linux distributions include several optional themes, and you can configure your own. In fact, this is one way to create a customized look and feel for your organization. The Graphical Greeter is known as the Themed Greeter in Fedora Core. You can use the current themes as a model for your own. With a little trial and error, you can replace the .png files in the appropriate themes/ subdirectory with the images of your choice. The location of the themes/ subdirectory varies. While the default is /usr/share/gdm/themes, SUSE stores Graphical Greeter themes in /opt/gnome/share/gdm/themes. Alternatively, you can download your own themes; one source is http://themes.freshmeat.net/browse/991/, where most of the themes are available under the GNU General Public License (GPL). If I had to create a custom theme for my organization, I'd use one of the themes available as a template and substitute the appropriate image files. Of course, you can create your own, using one of the many models available. 1.2.2.4. SecurityThe Security tab includes several options, described in Table 1-3.
1.2.2.5. AccessibilityAccessibility modules support users who need assistive technologies, particularly those who are unable to use keyboards or pointing devices in a "standard" fashion. For more information, see Appendix A of the GNOME Desktop Accessibility Guide; a version for GNOME 2.10 is available from http://www.gnome.org/learn/access-guide/2.10/. (The GNOME 2.12 Desktop Accessibility Guide was not available as of this writing.) 1.2.2.6. XDMCPThe X Display Manager Control Protocol (XDMCP) supports logins to remote GUI systems. As you can see from the XDMCP tab, there are several ways you can configure this protocol if you want to allow remote users to log in to your system using the GNOME Display Manager, as described in Table 1-4.
1.2.2.7. Replicating login configuration to multiple systemsOnce you're satisfied with the changes on one system, you'll want to transmit those changes to other systems on your network. As the GNOME Login Manager is system-wide instead of specific to each user, associated settings depend on standard configuration files in the distribution-dependent directories defined earlier. Just copy the files in the noted directories from system to system to implement the changes on the desired computers. 1.2.3. Customizing the KDE Login ManagerBefore you start editing the KDE Login Manager, back up the defaults in the KDE configuration directory. The location of this directory varies by distribution. As of this writing, it is:
In any case, the key file is kdmrc , which you can edit directly. Alternatively, you can start the KDE Login Manager editing tool from the KDE Control Center. Navigate to System Administration Login Manager. You can also run the Figure 1-6. The KDM Login Manager configuration tool
1.2.3.1. AppearanceThe options under the Appearance tab allow you to customize the overall look and feel of the KDE Login Manager, as described in Table 1-5.
1.2.3.2. FontThe options under the Font tab allow you to customize the fonts you see in the KDE Login Manager. There are three categories and one other option, as described in Table 1-6.
1.2.3.3. BackgroundThe options under the Background tab allow you to customize the display behind the main part of the KDE Login Manager. While details go beyond the level of annoyances, the impact is that you can add the picture or slideshow of your choice. You may use this tab to customize the login screen with a corporate or organizational seal. 1.2.3.4. ShutdownThe Shutdown tab defines who can shut down or reboot a computer from the KDE Login Manager window. By default, all users are allowed to shut down or reboot the local computer using the KDE Login Manager. I recommend that you disable this option for most systems (with the possible exception of single-user workstations) because no password is required. 1.2.3.5. UsersThe Users tab defines the users listed in the KDE Login Manager. By default, all regular and nonstandard users as defined in /etc/passwd within a certain UID range are listed. I believe this is a bad default. Even if you've disabled users such as ftp with a home directory such as /sbin/nologin, this is a clue that a cracker might be able to use to break into your system. I recommend that you disable this setting by deselecting the Show List option. If you're focused on user convenience, see the next tab. 1.2.3.6. ConvenienceSometimes it's OK to configure a workstation with an automatic login. In fact, it's the default for SUSE Linux Professional Workstation. If you need to choose "Enable auto-login," I recommend that you do so for a specific user, selected under the Preselect User area, with relatively minimal permissions. If you're comfortable with the relative security of that account, you may also want to choose "Enable password-less logins." |