Re: [gdm-list] login without password

[Brian Cameron <Brian Cameron Sun COM>]

Maarten:

Sorry, it seems that your email hasn't really generated much feedback.
I'm happy to hear that you were able to get GDM to do what you wanted
via PasswordRequired, and I agree the configuration needed sounds a
bit painful.

One hesitation I have to making GDM automagically configure PAM for
you is that PAM implementations aren't exactly the same on all distros
so it might be hard to code in a generic way that works across
distros.  For example, note that /etc/pam.d/gdm-autologin file is distro
specific.  Not all distros ship this, nor is is bundled with GDM
directly (e.g. if you build GDM from source you won't find this file).

It might be better to just update the GDM documentation so that the
PasswordRequired option contains more detail explaining how to do
the additional configuration needed.  If you wanted to edit
docs/C/gdm.xml to include such text, I'd be happy to commit this to
source so it is in the docs for everyone to see and learn from your
experience.

But, if you think you can code something together that would work
across multiple distros, please feel free to submit it for
consideration.

Brian

> Yesterday, I setup my system (Ubuntu 7.04, though I am pretty sure it
> is a common issue) to allow password-less login for my daughter. The
> gdmsetup utility has the security option for autologin, which almost
> does what I want, but not quite.
>
> So I found the gdm.conf option PasswordRequired=false, but this wasn't
> enough; I also had to create a file containing the usernames allowed to
> do passwordless login, and modify my /etc/pam.d/gdm.conf to contain:
>
> auth sufficient pam_listfile.so sense=allow file=/etc/gdm/nopassword item=user
>
> All-together, a bit tricky for a feature that, even though it is some
> sort of a niche, in my opinion is rather important for the introduction
> of linux into the home environment. I really don't want to require a 5
> year old to authenticate.
>
> I think it would be very nice to have the PasswordRequired=false
> functionality somehow present in the gdmsetup utility, as well as the
> list of users that can login without a password.
>
> After off-list discussion with Brian Cameron, I realize that it would
> be problematic for gdmsetup to have to modify the pam configuration.
>
> So a good solution would be to have a /etc/pam.d/gdm-nopassword file,
> similar to the /etc/pam.d/gdm-autologin file, that would be used by
> gdm if the PasswordRequired option is set to false. It would contain
> the auth sufficient pam_listfile.so line above.
>
> The gdmsetup utility could then contain a checkbox to activate this
> "Allow login without password" feature, combined with a list of users
> "Users that can login without password" (which modifies the
> /etc/gdm/nopassword file).
>
> I would be pleased to submit a patch to gdm and gdmsetup to add
> this functionality, if it would be accepted upstream. I am aware that
> there is a security issue involved here, but as it is restricted to the
> gdm login only, I suppose it should be acceptable, especially since
> the passwordless autologin is also there, which implies exactly the same
> security issue.
>
> What do you think?
>
> Kind regards,
>
> maarten
>
>
>
>
> _______________________________________________
> gdm-list mailing list
> gdm-list gnome org
> http://mail.gnome.org/mailman/listinfo/gdm-list