Update PAM policy to allow password-less logins set up via users-admin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gdm |
Fix Released
|
Wishlist
|
|||
gdm (Debian) |
Fix Released
|
Unknown
|
|||
gdm (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Binary package hint: gdm
Upstream gnome-system-tools will have in 2.28 an option to allow specified users to log in graphically and locally without entering their password. This is intended for home users that can't use GDM's autologin because they are several on the same computer. A rationale is at:
http://
and the bug upstream was http://
For this to work in Ubuntu, we need to add a rule to the PAM configuration file:
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
And to create the group 'nopasswdlogin' in the postinstall script.
Attached is a debdiff that does that. I guess somebody familiar with Ubuntu's PAM rules should check it since that's a critical part of the system's security, but that way of achieving this has been accepted by Brian Cameron (GDM) and Carlos Garnacho (gnome-
This change should also affect gnome-screensaver so that the screen is not locked after suspend. I'll post a diff for that too, and for the gdm-new package.
Please ask if you need more explanations about how this works.
Changed in gdm: | |
status: | Unknown → Fix Released |
Changed in gdm (Ubuntu): | |
status: | New → Confirmed |
Changed in gdm (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in gdm: | |
importance: | Unknown → Wishlist |
status: | Confirmed → Fix Released |
Changed in gdm (Debian): | |
status: | Unknown → New |
Changed in gdm (Debian): | |
status: | New → Fix Released |
I've subscribed ubuntu-security to take a look at that.