Hi Borden,

On 10/12/25 03:49, Borden wrote:
I wanted to pitch an idea for a wiki.debian.org set of pages and solicit 
feedback on the best way to go about researching and writing this documentation.

The collection idea is "How to set up a passwordless Debian environment." Passwordless as in *no 
passwords whatsoever*, as opposed to "Debian with 2FA" or "Packages that support 
autologin".

Yes, I know that there are a lot of moving parts here, and I also know that 
many packages don't support password alternatives.
One of the moving parts is picking passwordless technology. Off the top of my 
head (and I'm betraying my ignorance here), some major categories would be 
certificate-based, biometrics and, a little more in my interest, 
hardware-key-based authentication systems. Are there other common ones?

I'm guessing each technology will need its own subcategory because the 
mechanics differ somewhat. Then again, maybe a better categorisation would be 
by software package?

I've set up SSH passwordless, so that goes a long way. PAM *technically* supports password 
alternatives, but it struggles handling fallbacks. That is, I can set up "fingerprint THEN 
security key" but not "fingerprint OR security key" - one must fail before 
attempting the next, and only in the order in which they're specified. I've read that LUKS can 
support passwordless configurations and other fancy things like storing the key headers off system 
(which can turn any thumb drive into a poor man's security key). As a KDE user, Plasma kinda relies 
on PAM for authentication, but it handles non-password authentication poorly. I've heard somewhere 
that GNOME is a bit more progressive in its support.

The ulterior motive is that it might motivate package maintainers into 
supporting password alternatives.
Anyhow, that's my understanding of the overview. What do people think?

Good idea! Just do it!

If you want more technical input and maybe participation/help, then I suggest you pitch your idea on the debian-devel mailing list as well, where a lot of Debian Developers are hanging out.
*t
