Re: [gdm-list] login without password
- From: Brian Cameron <Brian Cameron Sun COM>
- To: Maarten de Boer <mdeboer iua upf edu>
- Cc: gdm-list gnome org
- Subject: Re: [gdm-list] login without password
- Date: Fri, 22 Jun 2007 15:08:02 +0800
Maarten:
Sorry, it seems that your email hasn't really generated much feedback.
I'm happy to hear that you were able to get GDM to do what you wanted
via PasswordRequired, and I agree the configuration needed sounds a
bit painful.
One hesitation I have to making GDM automagically configure PAM for
you is that PAM implementations aren't exactly the same on all distros
so it might be hard to code in a generic way that works across
distros. For example, note that /etc/pam.d/gdm-autologin file is distro
specific. Not all distros ship this, nor is is bundled with GDM
directly (e.g. if you build GDM from source you won't find this file).
It might be better to just update the GDM documentation so that the
PasswordRequired option contains more detail explaining how to do
the additional configuration needed. If you wanted to edit
docs/C/gdm.xml to include such text, I'd be happy to commit this to
source so it is in the docs for everyone to see and learn from your
experience.
But, if you think you can code something together that would work
across multiple distros, please feel free to submit it for
consideration.
Brian
Yesterday, I setup my system (Ubuntu 7.04, though I am pretty sure it
is a common issue) to allow password-less login for my daughter. The
gdmsetup utility has the security option for autologin, which almost
does what I want, but not quite.
So I found the gdm.conf option PasswordRequired=false, but this wasn't
enough; I also had to create a file containing the usernames allowed to
do passwordless login, and modify my /etc/pam.d/gdm.conf to contain:
auth sufficient pam_listfile.so sense=allow file=/etc/gdm/nopassword item=user
All-together, a bit tricky for a feature that, even though it is some
sort of a niche, in my opinion is rather important for the introduction
of linux into the home environment. I really don't want to require a 5
year old to authenticate.
I think it would be very nice to have the PasswordRequired=false
functionality somehow present in the gdmsetup utility, as well as the
list of users that can login without a password.
After off-list discussion with Brian Cameron, I realize that it would
be problematic for gdmsetup to have to modify the pam configuration.
So a good solution would be to have a /etc/pam.d/gdm-nopassword file,
similar to the /etc/pam.d/gdm-autologin file, that would be used by
gdm if the PasswordRequired option is set to false. It would contain
the auth sufficient pam_listfile.so line above.
The gdmsetup utility could then contain a checkbox to activate this
"Allow login without password" feature, combined with a list of users
"Users that can login without password" (which modifies the
/etc/gdm/nopassword file).
I would be pleased to submit a patch to gdm and gdmsetup to add
this functionality, if it would be accepted upstream. I am aware that
there is a security issue involved here, but as it is restricted to the
gdm login only, I suppose it should be acceptable, especially since
the passwordless autologin is also there, which implies exactly the same
security issue.
What do you think?
Kind regards,
maarten
_______________________________________________
gdm-list mailing list
gdm-list gnome org
http://mail.gnome.org/mailman/listinfo/gdm-list
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]