[gdm-list] Allowing password-less connexions

[Milan Bouchet-Valat <nalimilan club fr>]

Hi there!

Quite a long time ago, I opened bug 414862 [1] about implementing a
feature in GDM that would allow to skip password checking for users
specified in the gdm-setup. This would allow desktop users to easily get
into their account since they don't really need a password. But at the
same time we would not lose all security since sudo and PolicyKit would
still ask for the password for administration tasks, and ssh connexions
could work too.

This solution is thus much better than the current 'passwd -d'
workaround, which doesn't work by default in many distributions. KDM
already implements this (see the link in the bug report) and many people
are used to the Windows behavior of no password at all - which is not
secure.


I was thinking of helping to implement this in GDM, if you're
interested. I'd just need a little help to find out what problems can be
raised by that and where should it be coded.

If it is just a matter of skipping a PAM check, it should be easy.
Listing the users allowed to avoid entering their password could be done
in gdm-setup using (like in KDM) checkboxes, next to the list of users
to display and to autoconnexion for example. There may be more complex
solutions if we consider it could be nice to allow gnome-screensaver to
access the list to avoid locking the screen - but that's further
thinking. What do you think?

Cheers


1: http://bugzilla.gnome.org/show_bug.cgi?id=414862