authconfig-gtk UI revamp

Recently I’ve been working on a UI revamp of authconfig-gtk AKA system-config-authentication. Here is
the existing UI:

From what I’ve gathered about this UI:

  • It’s fairly old.
  • It’s grown organically, with new options and features added on piecemeal without an overall design vision.
  • It exists in firstboot too, under the ‘network login’ button.
  • It allows you check off as many and whatever identity and authentication methods you desire, even if the combinations make no sense.

That last point leads me to classify it as a good example of a box of chocolates GUI, meaning ‘you never know what you’re going to get.’ Configuring isn’t really a task that most people really have as a life goal nor is it something generally considered fun (it’s the cool stuff the configuration eventually enables you to do that’s fun!), so I think configuration / administration UIs like this often degrade to the ‘box of chocolates’ state. Authconfig-gtk will try each combination possible from your selections, trying each little chocolate, er, moving on from failure until it hits one that ends up being cherry creme-filled, er, actually works.
The catalyst for revisiting the UI is a cool new technology called SSSD that folks such as Stephen Gallagher and Dmitri Pal are working on. SSSD stands for ‘system security services daemon.’ It is going to unify identity and authentication access and enable features such as offline login and caching support for centrally-managed system logins (e.g., you don’t need to be on your corporate VPN to be able to log into your laptop which uses an LDAP account on that VPN.) The challenges:

  • SSSD does not yet support all the protocols that the legacy stack does (for example, Winbind) and won’t for Fedora 13.
  • SSSD enables you to do things the legacy stack also supports.
  • There are still users who need to use the legacy stack, so it’s not yet retire-able.
  • There are advantages to using SSSD’s currently-available functionality, so it’s important to provide UI access to it so folks can try it out.
  • Multiple ways of doing the same thing via very different frameworks has a high risk of really confusing users.

At first I struggled a little bit with how to handle the situation. For Fedora 12, a panel specifically for SSSD was simply grafted onto the existing UI, and the model was a little similar to how the GNOME Shell preview works in the Desktop Effects panel of Fedora – it’s this new technology you can ‘enable’ or ‘disable’ in a modal manner:

For Fedora 13, the path Stephen, Dmitri, and Tomas Mraz considered at first was to build a shiny new and fresh UI to handle SSSD-specific configuration, and keep the legacy UI as-is alongside it, with the plan to eventually retire it. The first set of mockups I put together along this path exposed some problems that Matthias helped identify as being too problematic:

  • The user has a task they want to do. We complicate their being able to do it by having to ask them questions along a line so we can figure out what technology they intend to use so we know whether or not to present them with the legacy UI or the new UI. This would complicate firstboot terribly. It’s essentially allowing the implementation to surface on the UI – inside-out UI is no good.
  • Making every single user choose what they want in every case is more difficult than giving the users the most common / useful configuration by default and requiring only some (not all, and hopefully a minority) of users to make other choices and change the defaults. I think the latter is a design pattern we should strive to follow in Fedora.
  • Having two UIs means you might need two menu items – we have enough configuration items in the menus already, and how are users to know which UI they need to go into to accomplish what they need done? It’s not like there would have been a clean split between the two – the legacy UI manages both local and centrally-managed accounts while the new UI manages some centrally-managed account types only.
  • Having the legacy UI pop up in firstboot means having three or four levels deep of windows popping up – firstboot isn’t a desktop environment and it’s awkward to manage windows in a limited environment like that. Yes, it’s like that now, but it doesn’t mean it’s the right way to do it.

Matthias really helped me on the path towards a design that I feel is a whole lot cleaner and simpler to use. Simply put, the new approach here is to take the existing UI, bring it up to speed and give it a clean overall design, and integrate the new SSSD technology into it without it being so painfully apparent which stack is doing what by having the divide between two different and somewhat intersecting UIs. Here’s the breakdown of changes in this new current redesign proposal:

  • We started with a run down of what identity & authentication environments are most common in actual practice. Some of the combos you can select in the current UI (for example, hesiod and winbind) are not actually that common in practice, yet are just as easy to select in that UI as more common scenarios like NIS and kerberos. So now the proposed UI handles only the five most common environments and wacky combinations are not possible. (We figure, if you’re picky enough to want to do something that wacky, you’re comfortable enough setting it up yourself with either the command-line setup program or in the config files.) Through weeding out the less useful combinations, the UI provides a little bit more guidance to the user as to what they might want to select.
  • The main focus is on the environments users need support for, not on the backend (legacy vs sssd) used to provide it. The ‘backend technology’ column of this table shows which backend is called into action for which UI choices. You’ll need the table to figure this out because it’s not embedded into the UI – and it shouldn’t be – do I really care whether or not the legacy stack or SSSD is letting me log into my company laptop? No, I just care that I can log in and get my work done.
  • A group of us walked through the current advanced options tab and noted which options made sense in which scenarios, which didn’t, and figured out which really didn’t belong in the UI. We cut three options that made little practical sense and reworded another to make its utility to the user more clear.
  • The current UI is based on a model of having a base dialog with multiple smaller dialogs that pop up on demand. Why so many windows? The new proposed UI mockups embed the form fields directly in the UI and different fields appear based on which dropdown entries you choose – no more baby windows popping up everywhere. 🙂
  • Ray inspired the sanity-checking form field bits – I was worried about GDM error messages, but he noted it’s better to prevent user error upfront by sanity-checking user-entered fields – especially hostnames – to see if they even have a shot at working. The consequences here are pretty high – I can make a goof that prevents me from logging into my computer at all (unless I can break in via single-user mode.) The stakes are pretty high, so it’s a good idea to prevent error in the first place.

One interesting design problem that popped up was how to handle smartcards. Nalin and Ray very patiently explained to me how they work – the model is different than the other technologies which really conflicted with my own mental model of the situation. Smart cards can be used to authenticate local and network accounts. So if I have a smartcard with the account ‘duffy’ on it, and I have both a ‘duffy’ local login on my laptop as well as a ‘duffy’ login on a corporate LDAP server – when I plug in my smartcard, how does it know whether or not it should log into my local account residing on my laptop, or my corporate account residing on the corporate LDAP server? If I understand correctly, you can’t just configure smart cards to only work for one or the other without affecting other login methods too. So rather than making smart cards another authentication method for LDAP as originally proposed, smart cards are an option in the ‘advanced settings’ tab that you can turn on for both local & remote or off for both local & remote.
Anyway, enough jibber-jabber. If authconfig-gtk / system-config-authentication is a tool you’ve used or if you work in an environment that has centrally-managed logins, please let me know if these mockups make sense or where they might not work in your environment. Or, if you see stupid mistakes or flaws in some of the assumptions / methods I’ve described here, please feel free to holler. We’d love to hear your feedback! (and at the very least, I hope this description of some of the design process behind the revamp is interesting for you 🙂 ) The full current UI revamp proposal is here.

8 Comments

  1. I haven't used SSSD and won't do in the foreseeable future so I can't really comment on the functionality exposed but what strikes me is the huge size of the mockup. I understand you were generous with the spacing and that window (currently 748px tall) may be made to barely fit on a 768 px tall desktop (with two 24 px panels), but for a netbook or an old 800×600 display, this is pain. And I don't see a way to move that info in the page to save space, you may have to move some in tabs or use some collapseable areas.

  2. Great job Mairin! Would love to see a similar review of the print configuration tool 🙂

  3. I'd love to take a look at it. Will I need to build from source from the svn/git repo, or is it pacakged for debuntu somewhere?
    Thanks for the work! There is a lot of room for improvement with regard to distributed authentication in the GNOME world.

    1. These are just mockups, they're not implemented yet. If you're interested in taking a look at SSSD, the upstream page is here: https://fedorahosted.org/sssd/ I don't know if it's packaged for Debian or Ubuntu.

  4. That is awesome. Keep up the work. Getting this easier will help all of the windows admins i work with start using linux 🙂

  5. Philipp Weissenbache says:

    Very nice mockups. I really like the flow from bottom to top, though the wording is truly cryptical to me :).
    Why does one need to provide a resource type for the LDAP server? Why isn't an IP address enough?
    Are there plans for tooltips?

    1. Josh Kelley says:

      A URI is used for LDAP because the scheme / resource can be either ldap or ldaps (for automatic SSL) (just like how web URLs can be http:// or https://).
      A URI also lets you include a non-standard port number.

  6. […] were used in the authconfig-gtk revamp. I used these to figure out if the sequence of policy kit dialogs would make sense. I walked […]

Leave a Reply to SteveCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.