OK, sounds reasonable, though I would rather disable the TSAK checkbox and display a warning message next to it, in order to provide more immediate feedback as to the state of the user's system.
That sounds better. All we need is a mechanism that makes the uinput connection obvious to the user. I never would have figured that out. Well, maybe --- after many four letter words and scouring the source code. :) A context sensitive warning directly in the KControl dialog will do nicely.
I got bitten by this myself, but as I was running tsak from the command line at the time the problem was obvious. I can't imagine how frustrating it would have been from within a GUI...
BTW, the help handbook has nothing about TSAK. Nada. :)
Probably because I still have not figured out how to use the docbook stuff, nor do I have plans to do so. :-)
Send me the text. :)
We don't need a book. Just a few paragraphs. I'll merge the text into the existing TDM help file. Basic description for now:
What is TSAK.
TSAK stands for Trinity Secure Attention Key. A Secure Attention Key is a special keypress to which only certain privileged applications, such as the login and unlock dialogs, are able to respond. This prevents an ordinary user from creating an exact copy of the login screen to "sniff" passwords or other sensitive information, as the unprivileged copy will not be able to detect the SAK keypress, thus providing a visible difference in operation to the user.
When to configure.
Generally, using TSAK is a good idea when you have more than one graphical login account on a machine, for instance in enterprise environments or computer laboratories. If you have only one graphical login account TSAK will not provide tangible benefits over the standard login methods.
Requirements/dependencies.
TSAK requires udev and uinput.
How to use/what users see.
When TSAK is in use, you will be prompted to press Ctrl+Alt+Del before sensitive information is requested. If TSAK is enabled on a system, and you do not see the Ctrl+Alt+Del dialog before sensitive information is requested, someone may be attempting to phish for that information. The most prudent course of action would be to terminate the active X11 session via Ctrl+Alt+Backspace or any other distribution-specific keypress for this action, this restoring control to the kernel and base system.
Tim