Le jeudi 23 février 2012 à 16:51 +0000, Gabriel Rossetti a écrit : > Sorry, using a terrible email client, can't reply inline well. > > I don't agree, he wants to be able to login graphically without having > to use a password, not by commandline. I think both aren't great, but > at least the 1st one forces an attacker to have physical access to the > machine whereas the 2nd would allow remote login. > > I agree you can do that (disable the remote logins) , but it sounds > like he may not know how to do that (since he doesn't know how to > configure passwordless login) and even if he does he may one day > enable it for whatever reason and forget that he deleted the user's > password and thus opening his computer to the world (or just about). With a properly configured system, which most distros do by default, you won't be allowed to login without password with SSH. One really needs to hack the config files by hand to allow this madness. So that's not the problem.
> You can change that setting via a GUI by the way, on Gnome Shell you > do it this way: > > 1) Open system settings > 2) Click on "User Accounts" > 3) Click on "Unlock", enter your password > 4) Toggle the "Automatic Login" switch > > This way he get what he wants and at least doesn't allow > current/future passwordless remote logins. This solution only works when starting the computer, it doesn't help for user switching. If your distribution is shipping the default PAM configuration file for GDM[1] (Ubuntu at least does, but e.g. Fedora doesn't), then adding your user to the 'nopasswdlogin' group is enough to login/switch users without typing the password. You still have a password e.g. to login via SSH. A single line in /etc/pam.d/gdm is enough to enable this: auth sufficient pam_succeed_if.so user ingroup nopasswdlogin It's a available as a GUI option in users-admin, but sadly it's not been added to the new users panel. 1: http://git.gnome.org/browse/gdm/tree/data/gdm _______________________________________________ gnome-shell-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-shell-list
