fix: auto-detect display manager in installer

Support GDM, SDDM, and LightDM for PAM integration. Detect which
display manager is running and configure the correct PAM file. Show
manual instructions if no supported DM is found.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

install.sh

@@ -31,7 +31,7 @@ cd "$SCRIPT_DIR"
 
 if [ "$1" = "--uninstall" ]; then
     echo -e "${CYAN}${BOLD}Uninstalling Linux Hello...${NC}"
-    sudo sed -i '/pam_linux_hello/d' /etc/pam.d/gdm-password 2>/dev/null || true
+    sudo sed -i '/pam_linux_hello/d' /etc/pam.d/gdm-password /etc/pam.d/sddm /etc/pam.d/lightdm 2>/dev/null || true
     sudo systemctl disable --now linux-hello.service 2>/dev/null || true
     sudo rm -f /usr/libexec/linux-hello-daemon /usr/local/bin/linux-hello
     sudo rm -f /lib/x86_64-linux-gnu/security/pam_linux_hello.so /lib/security/pam_linux_hello.so
@@ -186,9 +186,37 @@ sudo ORT_DYLIB_PATH=/usr/local/lib/linux-hello/libonnxruntime.so linux-hello enr
 
 # ─── PAM Integration ─────────────────────────────────────────────────────────
 
-# Add face auth to GDM (if not already there)
-if ! grep -q "pam_linux_hello" /etc/pam.d/gdm-password 2>/dev/null; then
-    sudo sed -i '/@include common-auth/i auth    sufficient      pam_linux_hello.so timeout=5' /etc/pam.d/gdm-password
+# Detect display manager and configure PAM accordingly
+DM_NAME=""
+PAM_CONFIGURED=false
+
+if systemctl is-active --quiet gdm.service 2>/dev/null || systemctl is-active --quiet gdm3.service 2>/dev/null; then
+    DM_NAME="GDM"
+    PAM_FILE="/etc/pam.d/gdm-password"
+    if [ -f "$PAM_FILE" ] && ! grep -q "pam_linux_hello" "$PAM_FILE"; then
+        sudo sed -i '/@include common-auth/i auth    sufficient      pam_linux_hello.so timeout=5' "$PAM_FILE"
+        PAM_CONFIGURED=true
+    elif grep -q "pam_linux_hello" "$PAM_FILE" 2>/dev/null; then
+        PAM_CONFIGURED=true
+    fi
+elif systemctl is-active --quiet sddm.service 2>/dev/null; then
+    DM_NAME="SDDM"
+    PAM_FILE="/etc/pam.d/sddm"
+    if [ -f "$PAM_FILE" ] && ! grep -q "pam_linux_hello" "$PAM_FILE"; then
+        sudo sed -i '/auth.*include.*system-login\|auth.*include.*common-auth\|@include common-auth/i auth    sufficient      pam_linux_hello.so timeout=5' "$PAM_FILE"
+        PAM_CONFIGURED=true
+    elif grep -q "pam_linux_hello" "$PAM_FILE" 2>/dev/null; then
+        PAM_CONFIGURED=true
+    fi
+elif systemctl is-active --quiet lightdm.service 2>/dev/null; then
+    DM_NAME="LightDM"
+    PAM_FILE="/etc/pam.d/lightdm"
+    if [ -f "$PAM_FILE" ] && ! grep -q "pam_linux_hello" "$PAM_FILE"; then
+        sudo sed -i '/@include common-auth\|auth.*include.*system-login/i auth    sufficient      pam_linux_hello.so timeout=5' "$PAM_FILE"
+        PAM_CONFIGURED=true
+    elif grep -q "pam_linux_hello" "$PAM_FILE" 2>/dev/null; then
+        PAM_CONFIGURED=true
+    fi
 fi
 
 # ─── Done ─────────────────────────────────────────────────────────────────────
@@ -198,8 +226,21 @@ echo -e "${GREEN}${BOLD}  ╔═════════════════
 echo "  ║      Installation complete!       ║"
 echo "  ╚═══════════════════════════════════╝${NC}"
 echo ""
-echo "  Lock your screen and look at the camera to unlock."
-echo "  Your password always works as a fallback."
+
+if [ "$PAM_CONFIGURED" = true ]; then
+    echo "  Lock your screen and look at the camera to unlock."
+    echo "  Your password always works as a fallback."
+    echo "  Display manager: $DM_NAME ($PAM_FILE)"
+elif [ -n "$DM_NAME" ]; then
+    echo -e "  ${YELLOW}Could not configure $DM_NAME automatically.${NC}"
+    echo "  Add this line to $PAM_FILE before the auth include:"
+    echo "    auth    sufficient      pam_linux_hello.so timeout=5"
+else
+    echo -e "  ${YELLOW}No supported display manager detected (GDM, SDDM, LightDM).${NC}"
+    echo "  To enable face unlock, add this line to your display manager's PAM config:"
+    echo "    auth    sufficient      pam_linux_hello.so timeout=5"
+fi
+
 echo ""
 echo "  Commands:"
 echo "    linux-hello test       — test face recognition"