Logging into Chrome OS

I was digging through the source for Chrome after noticing that in the video demonstrations, you log into the OS using your Google account. This is huge and really demonstrates that they intend Chrome OS to be an internet device. Instead of having your local accounts with one set of authentication tokens and a separate set of tokens for your online accounts (if you are security conscious) you only have a single set of tokens that works for everything.

This is how they plan to remove all those steps from the boot process. If they can get you to login to their services from the login prompt, you won’t have to repeat yourself again when the browser window opens up. A huge time and hassle saver.

The guts of the authentication system are implemented as a Linux-Pluggable Authentication Module located within $CHROMEROOT/src/platform/pam_google

Currently the module uses the libcurl library and makes an HTTP POST request with the username and password inside the body over SSL to Google’s account servers. If the login is valid, the module gets an AuthToken and gets cookies, presumably to be passed onto the browser so that the user will be logged into Google when the browser comes up.

In the event that the servers are not available, cached credentials will be used to allow the user to log into the machine. It is very similar to how login credentials can be cached on a laptop joined to a domain, so that when a user is on the road and away from the domain they can continue to log into the machine without having to dial in.

Developers can also set an option at compilation that will allow a local login to exist and be used by the system, which will skip connecting to Google’s login servers.