Re: [system-tools] [gdm-list] Allowing password-less connexions

From: Milan Bouchet-Valat <nalimilan club fr>
To: Dan Nicholson <dbn lists gmail com>
Cc: system-tools-list gnome org, gdm-list <gdm-list gnome org>
Subject: Re: [system-tools] [gdm-list] Allowing password-less connexions
Date: Wed, 14 May 2008 09:37:17 +0200

Le mardi 13 mai 2008 à 17:52 -0700, Dan Nicholson a écrit :
> On Tue, May 13, 2008 at 2:00 PM, Milan Bouchet-Valat <nalimilan club fr> wrote:
> > Le lundi 12 mai 2008 à 18:51 +0200, Carlos Garnacho a écrit :
> >
> > > Couldn't this be set through a group so that all users in that group
> >  > wouldn't need their passwords? users-admin already has code/ui towards
> >  > showing certain groups as a privilege the user can acquire, it would
> >  > make sense to me having this included there, and the changes in
> >  > users-admin would be really trivial too.
> >  Good idea, but I don't know whether PAM provides a module that would
> >  allow being member of a specific group to be "sufficient" to
> >  authenticate. I'm going to search for such a module, but if somebody
> >  knows about it...
> 
> See pam_succeed_if(8). I think you probably want something like:
> 
> auth sufficient pam_succeed_if.so user ingroup <group>
Thank you very much, I guess we have all we need now.

So the plan can be:
- add a way to set users members of a group called "nopasslogin" or something nicer (ideas?)
- add a key in the gconf schemes so that distributions can enable or disable this feature when theyr want
- create templates for pam.d file of gnome-screensaver and gdm

Some questions:
- Using the current framework/tab called Privileges to add or remove users from that group is almost instant. However, login without password is not really a privilege. Is it worth adding a checkbox in the first tab that would do the same task (using hopefully the same code)? It would be easier to set up and more logical (who will go to Privileges to remove the need of a password?)
- Are the pam.d files only provided by distributors or are there templates in GNOME (which I did no find in SVN)?

Any other problems? Else I'll start looking into a (rather little) patch.

[Next message we can maybe remove the CC to gdm-list, much noise for something external. Readers, please follow... ;-)]

References:
- [system-tools] Allowing password-less connexions
  - From: Milan Bouchet-Valat
- Re: [system-tools] Allowing password-less connexions
  - From: Carlos Garnacho
- Re: [system-tools] Allowing password-less connexions
  - From: Milan Bouchet-Valat

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]