Passwordless authentication mechanisms from the GUI (GDM)
H.2214 | Day 2 | 13:05 - 13:30 | Speakers: Iker Pedrosa, Joan Torres Lopez
Abstract
The world is moving toward more modern and secure authentication methods. This transition is driven by a global push for Zero Trust Architecture (ZTA), which many organizations are adopting as a security mandate.
In this context, the FreeIPA, SSSD, and GNOME Display Manager (GDM) ecosystems have been working to meet these evolving demands.
As a result, GDM has received several improvements to enhance the authentication experience. Two new mechanisms have been added: passkeys and external IdP (web login). Users can now choose among the supported authentication mechanisms, and the PAM conversation has been extended to support this new scenario with multiple authentication options.
In this talk, we’ll cover what the GDM authentication architecture looks like and how it handles PAM conversations. We will discuss the new PAM extension that uses JSON messages to support these mechanisms, the changes made in GDM to allow selecting different authentication methods, upcoming enhancements, and provide a demonstration of the current implementation.
Attachments
Speakers
Iker Pedrosa is a Software Engineer at Red Hat, contributing to Red Hat Enterprise Linux. Since joining the company in 2020, he has brought his passion and dedication to the team. Iker's background includes experience in the automotive and 3D printing industries, where he honed his skills as a Software Engineer.
Software Engineer specializing in the GNOME desktop stack. I am part of the team maintaining GDM, but my work doesn't stop at the login screen. I am deeply interested in the entire graphics stack, keeping a close eye on Mutter and remote desktop solutions.
Links
External Links
Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.