[system-tools] Allowing password-less connexions



Hi! I was discussing on GDM's list of implementing a graphical way to
allow users to login through GDM and gnome-screensaver without entering
their password. I'd like to code it and it may well be that users-admin
is the place it should go into. This is a much wanted feature that is
preserving security for remote login and administrative tasks.

It is easy to set up using PAM: you need to modify /etc/pam.d/gdm.conf
so that it contains this:
"auth sufficient pam_listfile.so sense=allow file=/etc/gdm/nopassword
item=user"

What we only need is a GUI to select which users will be listed in this
file. First I thought gdm-setup would be the place to do that, but now I
believe it would be nice to put it in users-admin. See my post to the
GDM list. I'd liek to get your comments about this.


Cheers


-------- Transferred message --------
De: Milan Bouchet-Valat <nalimilan club fr>
À: Maarten de Boer <mdeboer iua upf edu>
Cc: gdm-list gnome org
Sujet: Re: [gdm-list] Allowing password-less connexions
Date: Sun, 04 May 2008 18:07:32 +0200

I've just read the answer Martin got last time he raised this issue.
Obviously distro-specific PAM will be a problem - but what would be nice
is that a distribution wanting to enable this feature can do this
easily. For this we would need mostly a GUI, since PAM files are anyway
written by the distros.

After thinking a little more, I though that maybe it would be more
logical and easier to add a checkbox in the users profiles in
users-admin (from gnome-system-tools) allowing to skip password check in
GDM/gnome-screensaver. This option would just write the username to a
file (/etc/gdm-nopasswd.list, /etc/nopasswd.list or so...).
Distributions would have to choose between updating pam.d conf files
accordingly so that this is working, or disabling/hiding this feature
(via a GConf key for example).

Adding this in GDM would require more work and an extended interface,
and moreover the per-user approach may be more friendly than configuring
the login screen (system-wide).

Any comments/criticisms? I'm contacting the g-s-t team to hear what they
think of it, and I CC the gdm-list.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]