Bug#661230: lightdm: passwordless login doesn't work
Hi, I have set up lightdm to support guest accounts. The problem lies in default PAM setting in Debian. Here is the line that permits password-less logins on secure ttys in /etc/pam.d/common-auth file: - auth[success=1 default=ignore] pam_unix.so nullok_secure - We need just to allow blank password in any case. What I actually done is: # sed -e 's/_secure//' /etc/pam.d/common-auth /etc/pam.d/common-auth-insecure # sed -i -e 's/common-auth/-insecure/' /etc/pam.d/lightdm And it works, also preventing logins without password by SSH. So, according to configured central authentication policy, lightdm (which is not a plain tty AFAIK) behavior seems correct. -- Denys Gavrysh -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661230: [Pkg-xfce-devel] Bug#661230: lightdm: passwordless login doesn't work
On mer., 2012-02-29 at 10:26 +0400, Alexander GQ Gerasiov wrote: What happens if you set allow-guest=true in /etc/lightdm/lightdm.conf? The same: Feb 28 22:31:10 vice lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=guest Feb 28 22:31:16 vice lightdm: pam_unix(lightdm:auth): conversation failed Feb 28 22:31:16 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [guest] Feb 28 22:31:19 vice lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=maxim Feb 28 22:32:13 vice lightdm: pam_unix(lightdm:auth): conversation failed Feb 28 22:32:13 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [maxim] Thanks for testing. It might be related to the pam file and the fact I didn't yet make sure autologin was working. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#661230: [Pkg-xfce-devel] Bug#661230: lightdm: passwordless login doesn't work
On mer., 2012-02-29 at 18:50 +0400, Alexander GQ Gerasiov wrote: I'm speaking not about autologin, but about passwordless login. I didn't say that, I just said it might be related. -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#661230: [Pkg-xfce-devel] Bug#661230: lightdm: passwordless login doesn't work
Wed, 29 Feb 2012 12:58:58 +0100 Yves-Alexis Perez cor...@debian.org wrote: On mer., 2012-02-29 at 10:26 +0400, Alexander GQ Gerasiov wrote: What happens if you set allow-guest=true in /etc/lightdm/lightdm.conf? The same: Feb 28 22:31:10 vice lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=guest Feb 28 22:31:16 vice lightdm: pam_unix(lightdm:auth): conversation failed Feb 28 22:31:16 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [guest] Feb 28 22:31:19 vice lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=maxim Feb 28 22:32:13 vice lightdm: pam_unix(lightdm:auth): conversation failed Feb 28 22:32:13 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [maxim] Thanks for testing. It might be related to the pam file and the fact I didn't yet make sure autologin was working. I'm speaking not about autologin, but about passwordless login. Just remove password hash from /etc/shadow and user will be able to login on ttys specified in /etc/securetty without password. This works for console login for example. -- Best regards, Alexander GQ Gerasiov Contacts: e-mail:g...@cs.msu.su Jabber: g...@jabber.ru Homepage: http://gq.net.ru ICQ: 7272757 PGP fingerprint: 04B5 9D90 DF7C C2AB CD49 BAEA CA87 E9E8 2AAC 33F1 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661230: [Pkg-xfce-devel] Bug#661230: lightdm: passwordless login doesn't work
On Sat, 25 Feb 2012 13:38:45 + Yves-Alexis Perez cor...@debian.org wrote: On sam., 2012-02-25 at 16:04 +0400, Alexander Gerasiov wrote: Package: lightdm Version: 1.0.6-3 Severity: normal For some resons I have some users without password on my system. They could login via getty, gdm, gdm3 (IIRC), but could not login with lightdm. In the auth.log there is Feb 25 15:54:16 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [guest] I want them to be able to login without password. What happens if you set allow-guest=true in /etc/lightdm/lightdm.conf? The same: Feb 28 22:31:10 vice lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=guest Feb 28 22:31:16 vice lightdm: pam_unix(lightdm:auth): conversation failed Feb 28 22:31:16 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [guest] Feb 28 22:31:19 vice lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=maxim Feb 28 22:32:13 vice lightdm: pam_unix(lightdm:auth): conversation failed Feb 28 22:32:13 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [maxim] -- Best regards, Alexander GQ Gerasiov Contacts: e-mail:g...@cs.msu.su Jabber: g...@jabber.ru Homepage: http://gq.net.ru ICQ: 7272757 PGP fingerprint: 04B5 9D90 DF7C C2AB CD49 BAEA CA87 E9E8 2AAC 33F1 signature.asc Description: PGP signature
Bug#661230: lightdm: passwordless login doesn't work
Package: lightdm Version: 1.0.6-3 Severity: normal For some resons I have some users without password on my system. They could login via getty, gdm, gdm3 (IIRC), but could not login with lightdm. In the auth.log there is Feb 25 15:54:16 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [guest] I want them to be able to login without password. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (680, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages lightdm depends on: ii adduser3.113+nmu1 ii consolekit 0.4.5-1 ii dbus 1.4.16-1 ii debconf [debconf-2.0] 1.5.41 ii libc6 2.13-26 ii libglib2.0-0 2.30.2-6 ii libpam0g 1.1.3-7 ii libxcb11.8-2 ii libxdmcp6 1:1.1.0-4 ii lightdm-gtk-greeter1.0.6-3 Versions of packages lightdm recommends: ii xserver-xorg 1:7.6+11 Versions of packages lightdm suggests: pn accountsservice none -- Configuration Files: /etc/lightdm/lightdm.conf changed: [LightDM] [SeatDefaults] xserver-allow-tcp=false greeter-hide-users=true user-session=lightdm-xsession session-wrapper=/etc/X11/Xsession [Seat:0] [Seat:1] [Seat:2] [XDMCPServer] [VNCServer] -- debconf information: lightdm/daemon_name: /usr/sbin/lightdm shared/default-x-display-manager: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661230: [Pkg-xfce-devel] Bug#661230: lightdm: passwordless login doesn't work
On sam., 2012-02-25 at 16:04 +0400, Alexander Gerasiov wrote: Package: lightdm Version: 1.0.6-3 Severity: normal For some resons I have some users without password on my system. They could login via getty, gdm, gdm3 (IIRC), but could not login with lightdm. In the auth.log there is Feb 25 15:54:16 vice lightdm: pam_unix(lightdm:auth): auth could not identify password for [guest] I want them to be able to login without password. What happens if you set allow-guest=true in /etc/lightdm/lightdm.conf? Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part
