Unable to authenticate as user 'root' (I have added a password) OR as current user (account has no password due to end user preference)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-system-tools (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: gnome-system-tools
Unable to authenticate as user 'root' (I have added a password) OR as current user (account has no password due to end user preference).
The end users in question want one click logins and to not remember passwords. They might be convinced to use literal 'USB Keys' for login if support existed, but that is beyond the scope of this bug.
When using passwd -d (account) to clear the password, sudo, authentication (unlock root privileges) do not work; additionally as root was given a password it should be a user that is allowed to authenticate but there does not seem to be a way of entering that account information (the user list is a drop-down only, no text input).
There are two related bugs here:
1) Unable to authenticate using the root account (when it has a password set)
2) Unable to authenticate using a normal user account (when it has no password)
If the above is intended and not accidental it should be selectable (users should be able to do what they want even if it isn't smart) and/or at minimum tell the user /why/ they can't do what they want and help guide them to fixing it.
ProblemType: Bug
Architecture: i386
Date: Sat Oct 17 14:50:15 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Alpha i386 (20091017)
Package: gnome-system-tools 2.28.0-0ubuntu1
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: gnome-system-tools
Uname: Linux 2.6.31-14-generic i686
XsessionErrors:
(gnome-
(gnome-
(polkit-
(nautilus:4889): Eel-CRITICAL **: eel_preferences
(yelp:5011): Yelp-WARNING **: Failed to load config file: No such file or directory
As you half-guessed, most of what you report here is intentional. Namely:
1) we don't want people to log in as root using GDM - logging through the console could make sense, but never using a GUI, where many issues arise. You should never need do to so, anyway, PolicyKit and sudo/gksu are here for you.
2) we don't want user accounts to stay without password because that can lead to security issues, even if you may argue that a home computer does not suffer from many threats.
Now, there are also bugs that bring you into that situation. First, 2) is not absolutely intended, since we could at least allow people to log in without password locally. That's bug 104957, which you can circumvent at your own risk by replacing 'nullok_secure' in /etc/pam.d/* with 'nullok', meaning empty password will be accepted for all ttys 'not SSH hopefully).
But IMO the best solution would be to allow password-less logins as described at bug 393854, and there's already a graphical way of enabling that in users-admin - the problem is, it's disabled because it lacks support in GDM. If you prefer that way, you can simply adapt /etc/pam.d/gdm as does the patch by adding:
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
and create group 'nopasswdlogin' so that users-admin works with that feature. Anyway, good luck!