After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 708846 - RFE: Provide (off by default) feature for showing notification at start up about recent login failures/successes.
RFE: Provide (off by default) feature for showing notification at start up ab...
Status: RESOLVED OBSOLETE
Product: gnome-settings-daemon
Classification: Core
Component: general
3.10.x
Other Linux
: Normal normal
: ---
Assigned To: gnome-settings-daemon-maint
gnome-settings-daemon-maint
Depends on: 709308
Blocks:
 
 
Reported: 2013-09-26 15:33 UTC by Allan Day
Modified: 2019-03-20 11:12 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
test.c (3.40 KB, text/plain)
2013-10-02 20:49 UTC, Bastien Nocera
Details

Description Allan Day 2013-09-26 15:33:58 UTC
I enter my password, and while I wait to log in, I see messages displayed below the password field. They say things like "There was 1 failed login attempt since last time". It looks bad, and it will also be disturbing for people. It looks like someone has been trying to hack your account.
Comment 1 Ray Strode [halfline] 2013-09-26 15:36:26 UTC
This is a fedora change.  I got reverted in time for f19, but it snuck back in for f20.
Comment 2 Ray Strode [halfline] 2013-09-26 15:42:58 UTC
also see bug 694688
Comment 3 Allan Day 2013-09-26 15:50:15 UTC
As bug 694688 points out, the login screen isn't a good place for these messages - since it would imply delaying login long enough for them to be read. A better approach would be to show the information in a notification after login has taken place.

That said, while it is fine to provide this for deployments that require it, I don't think it makes sense to have it on by default.
Comment 4 Ray Strode [halfline] 2013-09-26 17:21:05 UTC
repurposing this bug for the suggested change and retitling for clarity.

Reassigning to gnome-settings-daemon, since it's a post-login feature, and probably best implemented there.
Comment 5 Bastien Nocera 2013-09-30 06:38:57 UTC
Removing the 3.10.1 whiteboard, this isn't going to land in 3.10.
Comment 6 Allan Day 2013-09-30 17:13:26 UTC
Some more context for this feature: display of last login details are a requirement for some US government deployments, as described in AC-9 of SP 800-53 [1].

According to these requirements, there are a few things we have to do when the feature is turned on:

 * Display number of unsuccessful login attempts since last successful login.
 * Display the time and date of the last successful login.
 * Require that the user explicitly dismisses this information.

I think that the best way to do this is with a critical notification that is shown immediately after login. This would have the heading:

"x unsuccessful login attempts since last login"

With the body text:

"Last successful login was on <date> at <time>." 

[1] http://dx.doi.org/10.6028/NIST.SP.800-53r4
Comment 7 Matthias Clasen 2013-09-30 21:38:59 UTC
What whould the notification say if there were no unsuccessful login attempts ? 

Maybe just 'Welcome back, Allan!' ?
Comment 8 Allan Day 2013-09-30 21:51:14 UTC
Or "No unsuccessful login attempts since last login" - to reinforce the cases where there are erroneous login attempts.
Comment 9 William Jon McCann 2013-09-30 23:22:09 UTC
One thing to get clarification on is whether they really want to see the time since the last *sign in* or the last account activity which is *sign out*. For example, if you sign in and stay active for a month and sign out today it is weird to see last sign in: August.

If we are just checking of boxes here I guess we go with what the letter of the law is. We can always show more information in the account history in Account Settings.

I wouldn't use the term successful in the message because it is redundant.

I like Matthias' idea to humanize the messages.

primary: "Welcome back"
secondary: "Last signed in on Aug 28 at 1:14 PM."
secondary2: "With 5 unsuccessful attempts since then."

Actions: OK, Show Details

I would use a "friendly" date and time format, if possible. We might want to leave off the name from the subject because it is hard to get a good informal name for the user.

If there have not been unsuccessful attempts I would just skip it.
Comment 10 Allan Day 2013-10-02 15:56:36 UTC
One thing to be clear about - the last login information only needs to be displayed after login itself (ie. session start). We don't need to do this when unlocking.

(In reply to comment #9)
> One thing to get clarification on is whether they really want to see the time
> since the last *sign in* or the last account activity which is *sign out*. For
> example, if you sign in and stay active for a month and sign out today it is
> weird to see last sign in: August.
> 
> If we are just checking of boxes here I guess we go with what the letter of the
> law is. We can always show more information in the account history in Account
> Settings.

I've checked, and it seems that the requirement only mentions time and date of last login. I agree that this isn't the most helpful piece of information to display, but it seems to be what they want.

> I wouldn't use the term successful in the message because it is redundant.

Agree.

> I like Matthias' idea to humanize the messages.
> 
> primary: "Welcome back"
> secondary: "Last signed in on Aug 28 at 1:14 PM."
> secondary2: "With 5 unsuccessful attempts since then."
> 
> Actions: OK, Show Details
> 
> I would use a "friendly" date and time format, if possible. We might want to
> leave off the name from the subject because it is hard to get a good informal
> name for the user.
> 
> If there have not been unsuccessful attempts I would just skip it.

Sounds good.
Comment 11 Bastien Nocera 2013-10-02 19:28:15 UTC
bug 709308 has a patch to add an option to open the history dialogue in the user accounts panel.
Comment 12 Bastien Nocera 2013-10-02 20:07:10 UTC
Filed:
https://bugs.freedesktop.org/show_bug.cgi?id=70052

About getting the API to get login failures from accounts service.
Comment 13 Bastien Nocera 2013-10-02 20:49:21 UTC
Created attachment 256328 [details]
test.c

A stand-alone application. With the new notification, we might not even need to let the application running for gnome-shell to still be able to act up on it.

I think having it in a separate startup application, not in g-s-d, means that we avoid popping up the notification when g-s-d crashes or restarts. It also means that it's easily backportable/installable when needed.
Comment 14 Allan Day 2014-01-21 07:55:18 UTC
(In reply to comment #13)
> Created an attachment (id=256328) [details]
> test.c
> 
> A stand-alone application. With the new notification, we might not even need to
> let the application running for gnome-shell to still be able to act up on it.
> 
> I think having it in a separate startup application, not in g-s-d, means that
> we avoid popping up the notification when g-s-d crashes or restarts. It also
> means that it's easily backportable/installable when needed.

Just to be clear - you're proposing that, when the "last login" feature is on, the control center's history dialog should be launched when the user logs in?
Comment 15 Bastien Nocera 2014-01-21 08:01:48 UTC
(In reply to comment #14)
> (In reply to comment #13)
> > Created an attachment (id=256328) [details] [details]
> > test.c
> > 
> > A stand-alone application. With the new notification, we might not even need to
> > let the application running for gnome-shell to still be able to act up on it.
> > 
> > I think having it in a separate startup application, not in g-s-d, means that
> > we avoid popping up the notification when g-s-d crashes or restarts. It also
> > means that it's easily backportable/installable when needed.
> 
> Just to be clear - you're proposing that, when the "last login" feature is on,
> the control center's history dialog should be launched when the user logs in?

Absolutely not. The test app is attached to this bug. It would stay in a separate small login app. The "show details" button would launch the history dialogue in user-accounts panel with all the details.
Comment 16 GNOME Infrastructure Team 2019-03-20 11:12:47 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/issues/228.