Most people who want auto login don't want to type their password for
the screen lock. In fact, having a screen lock with autologin is quite
useless as an attacker can simply reboot to gain access to the desktop
_unless_ you're an advanced user who has configured disk encryption.
If that's the case, you should be able to simply remove your user from
the nopasswdlogin group, as you have done.
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Changed in: lightdm (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/987330
Title:
Insecure login -- not requesting password
Status in “lightdm” package in Ubuntu:
Invalid
Bug description:
When I click the login link from the login page, my password is never
requested -- instead, I am simply automatically logged in. This
happens whether I get to the login screen via (1) starting up the
machine, (2) logging out of a session, or (3) locking the screen and
then clicking the "Switch user" button on the locked screen dialog.
My entire system is encrypted in a LUKS volume, so I had initially
turned automatic login on, as I thought login via password would be
unnecessary given that I already have to enter my LUKS password to
start up the machine. However, I noticed that when I locked my screen,
instead of needing to provide my account password to unlock it, I
could simply click "Switch user", and instead of switching to another
user (there are no other users on my machine), I could then just click
"Login" for my own account, and it would let me in without requesting
my password. I thought this might be due to the automatic login
setting, so I turned off automatic login. I have confirmed that the
"autologin-user=<username>" line in /etc/lightdm/lightdm.conf has
changed to "auto-login=". Also, now that automatic login is off, I do
get the login screen when I first start up the machine -- yet it still
does not require my password. So, I don't think the problem is related
to automatic login, as it happens with our without automatic login
turned on.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu5
Architecture: amd64
Date: Mon Apr 23 09:10:05 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
ProcEnviron:
TERM=xterm
LC_COLLATE=C
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/987330/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
