Re: Passwordless login



George wrote:

> On Sun, Apr 18, 2004 at 02:06:50PM +0200, Søren Hansen wrote:
> > My girlfriend has asked me to ask you if there's any chance that she
> > wouldn't have to enter her password to login. Simply setting her
> > password to an empty string is no good, since she'll still have to press
> > return and besides, the server is available from the internet, so that's
> > a no go. As a temporary fix to make her happy, I patched gdm_verify_user
> > in verify-pam to use /etc/pam.d/gdm-autologin if local == TRUE. This,
> > however, brings on a whole new set of problems (e.g. logging in as root
> > without a password is not good).
> >
> > Also, not all users might want this. I'm quite comfortable having to
> > enter my password when I login on the same machine, so this has to be
> > user configurable.
> >
> > Any brilliant ideas? I'm thinking that the existence of a semaphore file
> > in $HOME/.gnome2/ will make gdm use gdm-autologin, but we don't know the
> > username and hence the $HOME until after we've created the pam_handle,
> > do we?
>
> The thing is that PAM now asks for the username and we don't really know it
> until PAM does its thing.  Any solution would really have to be in PAM
> itself (and that's where such policy should go anyway).  It would be useful
> to create a PAM module that would allow passwordless login for select local
> users.  It also shouldn't be too hard, I don't think.
>
> George

This would be trivial in PAM.  You just want to write a PAM module that
implements pam_sm_authenticate() by calling pam_get_user(), checking the
user against your "passwordless users" list, and returning
PAM_SUCCESS if you get a match, PAM_IGNORE if not.  You want
to set up pam.conf to put that module at the top of the stack, listing
the module as "requisite", so that if it returns SUCCESS that's good
enough and the rest of the authentication modules won't get executed.

The only weird thing about PAM (on Solaris anyway) is that you need
some empty stubs for some of its entry-points, even if you don't put
any logic into those routines, or you'll get runtime link errors
(dlsym failures).  I believe those stubs are pam_sm_chauthtok() and
pam_sm_setcred().  They can both simply return PAM_IGNORE.  This may
be an artifact of the Solaris implementation, or it may be more
ubiquitous.  I haven't experimented with PAM on Linux much yet but it
should be the same.  Let us know.  I'll file a bug against Solaris if you
don't find this to be a general problem.

Of course if you want to even *pretend* to have any security left
you'll want your list of users to be root-readable only.

-Bob


