Bug 414862 - Allowing passwordless connections
Status: RESOLVED FIXED
Product: gnome-system-tools
Classification: Deprecated
Component: general
Version: unspecified
Hardware: Other All
Importance: Low enhancement
Target Milestone: ---
Assigned To: Milan Bouchet-Valat
QA Contact: GDM maintainers
Reported: 2007-03-05 10:48 UTC by Milan Bouchet-Valat
Modified: 2009-06-30 20:02 UTC
GNOME target: ---
GNOME version: Unversioned Enhancement

Attachments
Proof-of-concept patch (8.66 KB, patch), 2008-06-07 19:38 UTC, Milan Bouchet-Valat, status: none
Don-t-consider-all-groups-as-privileges.patch (1.08 KB, patch), 2009-06-27 19:02 UTC, Milan Bouchet-Valat, status: committed
Add-an-option-to-skip-password-check-on-login.patch (8.48 KB, patch), 2009-06-27 19:04 UTC, Milan Bouchet-Valat, status: committed
Change-default-PAM-policy-to-allow-password-less-login.patch (963 bytes, patch), 2009-06-27 19:05 UTC, Milan Bouchet-Valat, status: none
Change-documentation-and-default-PAM-policy-to-allow-password-less-login (2.00 KB, patch), 2009-06-28 11:16 UTC, Milan Bouchet-Valat, status: committed

Description Milan Bouchet-Valat 2007-03-05 10:48:30 UTC
I was thinking of a very useful feature for home computers or kiosks: the ability to skip the password check. I mean: just as autologin allows connecting without typing the password, this new feature would allow specified users to simply enter their username to log in.

This could be achieved by adding to the config tool a tab to select users that want to be connected without typing their password. This way, users still have a password, which is used with gksudo, ssh connections and others, so security is preserved, but the home use is really nicer.

KDM already has such a feature: http://docs.kde.org/development/en/kdebase/kdm/configuring-kdm.html#kdmconfig-convenience

In a discussion on the ubuntu-devel-discuss mailing list, two concerns were raised: this should be easy to set (since base users will need it), but the user should be warned about security issues if his computer is not in a safe place. Also, pam-keyring will not be able to unlock the keyring at login, so maybe some problems have to be addressed here.

IMHO, this feature is needed in the near future, since home users don't care about what their family can do on their session. This is a main user-friendliness issue today.

Thanks for all
Comment 1 Alec Wright 2007-03-05 17:53:52 UTC
I agree. This would definitely be a very useful and time-saving feature.
Comment 2 Brian Cameron 2007-03-07 07:58:49 UTC
*** Bug 347586 has been marked as a duplicate of this bug. ***
Comment 3 Brian Cameron 2007-03-07 08:01:09 UTC
Oops.  I marked bug 347586 as a duplicate, but it isn't really, so I re-opened that bug.

However, it is a related bug, so whoever works on this issue might consider addressing both together?
Comment 4 Mantas Kriaučiūnas 2007-03-08 16:06:44 UTC
Btw, does current gdm allow login for users without a password (who have no characters between first : in /etc/shadow) or doesn't it?
Gnome about-me applet from control-center just freezes in such case, look at bug #336872 :(
Comment 5 Milan Bouchet-Valat 2007-03-08 16:53:47 UTC
You can connect without a password, but you have to tweak /etc/pam.d, adding nullok in some places. This is not really secure, even considering that ssh refuses empty passwords. I never managed to get GDM to work with the nullok_secure option (/etc/securetty). Talking of Ubuntu Dapper & Edgy, at least.
Comment 6 Khashayar Naderehvandi 2007-09-29 09:14:19 UTC
This feature is pretty important for me so I just wanted to be on the CC list. In my case, I have a lot of friends using my computer and I want them to be able to more or less double click "guest" and be greeted by the desktop. Right now, they're mostly confused and wonder why they need a password for the guest account.

I've actually been thinking about using KDM + gnome for this feature alone :-)

Thanks for looking into it!
Comment 7 Ray Strode [halfline] 2007-09-29 16:10:35 UTC
In Fedora, you can just do 

passwd -d username

and then don't need to enter a password to login for that user.  Other distros may have different security policies in place.
Comment 8 Khashayar Naderehvandi 2007-09-29 16:31:50 UTC
(In reply to comment #7)
> In Fedora, you can just do 
> 
> passwd -d username
> 
> and then don't need to enter a password to login for that user.  Other distros
> may have different security policies in place.
> 

In Ubuntu 7.10, at least, that doesn't work for GDM. It does work for normal login at the command line, but not GDM. Deleting the user's password actually makes it impossible to login through GDM.
Comment 9 Ray Strode [halfline] 2008-02-13 16:00:49 UTC
Does Ubuntu use pam-gnome-keyring?  If so, that may be why.  See bug 514862.
Comment 10 Diego Viegas 2008-02-20 00:37:39 UTC
Hi,

I've done some searching and I think it is not possible at the moment to configure a passwordless login for some user(s) in GDM. I'd like to comment that such a feature would be appreciated in some cases.

Thank you,
DiegoV
Comment 11 Ray Strode [halfline] 2008-03-03 15:59:25 UTC
Hi Diego,

It is possible.

Run "passwd -d username" as root to allow a passwordless login.  If it doesn't work, you may be getting hit by bug 514862.
Comment 12 Milan Bouchet-Valat 2008-03-03 16:13:08 UTC
As I said above, passwd -d is a security issue since the user has no password at all. This doesn't allow protecting the account in order to use ssh remote access, or to grant admin rights. These cases are common today: home users may want to log in without a password but still be protected by passwords for advanced operations. This would avoid a security hole - and this should be the standard way, KDM already supports this.
Comment 13 Milan Bouchet-Valat 2008-06-07 19:35:20 UTC
This should be implemented in gnome-system-tools: it would be much easier and more logical. See http://mail.gnome.org/archives/system-tools-list/2008-May/msg00000.html
Comment 14 Milan Bouchet-Valat 2008-06-07 19:38:39 UTC
Created attachment 112335 [details] [review]
Proof-of-concept patch

This patch should roughly allow enabling password-less login on a per-user basis (with a checkbox making the user a member of the "passwordless" group). Some work is still needed on /etc/pam.d/[gdm,gnome-screensaver].
Comment 15 Brian Cameron 2008-06-09 17:26:27 UTC
Note that the mechanisms for specifying whether a user can log in in a passwordless manner are not consistent across platforms.

In other words, it is a little risky to make assumptions about how PAM is set up on a given machine, or that the /etc/pam.d interface will be respected on any given platform, or that PAM, GDM, or gnome-screensaver are even being used.

Since systems can vary widely, and can be configured in very different ways, it might be best to leave PAM configuration to PAM, and not try to integrate it into the desktop.  If you insist on having this sort of feature in the desktop, it would be better if the code did some work to make sure that the system will honor the interface before exposing it to the user.  Having a non-functional choice in a dialog is not ideal.

I recommend that any patch trying to solve this problem be tested on a wide array of platforms before it goes upstream.

If this patch goes upstream, I anticipate it will evolve into a nest of #ifdef's to support different setups and platforms.  Not necessarily a problem, but just so you know what you are getting into.
Comment 16 Milan Bouchet-Valat 2008-06-09 18:00:50 UTC
You're right. I planned to manage this issue with a system-wide GConf key that distributors would enable if they know they support this feature. Else, it will be disabled/hidden. This is what the code does, but I'm no GConf guru, and I need help with mandatory (system-wide) settings and how to install them.

Does this sound reasonable to you?
Comment 17 Brian Cameron 2008-06-09 19:16:43 UTC
That seems reasonable to me.  Might also be good to ping various distros and let them know to test this code out & work to get support added if needed for their platform.
Comment 18 Milan Bouchet-Valat 2008-06-09 19:23:17 UTC
Sure. This is the second step. But for now we need a gnome-system-tools developer that can review the patch and eventually commit it. ;-)
Comment 19 Milan Knizek 2009-03-18 19:23:22 UTC
I am looking for this feature, too.
Comment 20 Milan Bouchet-Valat 2009-06-27 19:02:48 UTC
Created attachment 137468 [details] [review]
Don-t-consider-all-groups-as-privileges.patch

Preliminary patch to make second patch work.
Comment 21 Milan Bouchet-Valat 2009-06-27 19:04:11 UTC
Created attachment 137469 [details] [review]
Add-an-option-to-skip-password-check-on-login.patch

Actual patch against gnome-system-tools that creates a checkbox adding the user to the 'nopasswdlogin' group.
Comment 22 Milan Bouchet-Valat 2009-06-27 19:05:43 UTC
Created attachment 137470 [details] [review]
Change-default-PAM-policy-to-allow-password-less-login.patch

Patch against GDM default PAM configuration file that allows the previous patches to come into effect. Distributions still need to create the 'nopasswdlogin' group to enable the checkbox in users-admin, since they are likely to need an update to their PAM policy files.
Comment 23 Milan Bouchet-Valat 2009-06-28 11:16:13 UTC
Created attachment 137488 [details] [review]
Change-documentation-and-default-PAM-policy-to-allow-password-less-login

New patch for GDM that also updates the documentation.
Comment 24 Milan Bouchet-Valat 2009-06-29 21:12:23 UTC
I've just committed the needed changes to gnome-system-tools, which makes it possible for distributions to enable password-less logins if they create the 'nopasswdlogin' group.

We still need to see what should be changed in GDM to make this feature easy to enable and document it.

commit f2755126f69b4ede558ec16d00e19a8c80414bf7
Author: Milan Bouchet-Valat <nalimilan@club.fr>
Date:   Sat Jun 27 20:59:46 2009 +0200

    Add an option to skip password check on login
    
    This adds a checkbox that allows adding the user to the 'nopasswdcheck' group.
    Distributions and admins should enable it by creating that group if they have
    configured PAM to make it work with GDM.
    
    http://bugzilla.gnome.org/show_bug.cgi?id=414862

commit 10f02635e9096f5b874d0a160110220c71bc0d44
Author: Milan Bouchet-Valat <nalimilan@club.fr>
Date:   Sat Jun 27 20:59:03 2009 +0200

    Don't consider all groups as privileges
    
    Only update membership for groups that actually match a privilege. The 
    current code was resetting user's membership for all groups on the system. 
    This fix will be used by an upcoming patch implementing a password-less login 
    option.


Comment 25 Ray Strode [halfline] 2009-06-30 14:01:47 UTC
okay, commit the GDM bits, too, I guess.
Comment 26 Milan Bouchet-Valat 2009-06-30 20:02:50 UTC
Pushed. Thanks for your feedback! I'll consider later whether/how we could integrate autologin with that feature.
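
Added example, not part of the bug report or of the gnome-system-tools/GDM patches: a small audit contrasting the two approaches discussed in this thread, the empty shadow field left by "passwd -d" (comments 7 and 12) and the 'nopasswdlogin' group rule (comments 21 and 22). The pam_succeed_if rule form, the set of services treated as the login screen, and all sample file contents are assumptions constructed for illustration; the page does not show the committed PAM lines.

```python
import re

# Constructed sample data, not taken from the bug report.
SHADOW = (
    "root:$6$constructed$hash:14420:0:99999:7:::\n"
    "alice:$6$constructed$hash:14420:0:99999:7:::\n"
    "guest::14420:0:99999:7:::\n"          # what `passwd -d guest` leaves behind
)
GROUP = "sudo:x:27:alice\nnopasswdlogin:x:1001:alice,kiosk\n"
PAM = {  # service name -> contents of /etc/pam.d/<service>
    "gdm": "auth sufficient pam_succeed_if.so user ingroup nopasswdlogin\n"
           "auth required pam_unix.so\n",
    "sshd": "auth sufficient pam_succeed_if.so user ingroup nopasswdlogin\n"
            "auth required pam_unix.so nullok\n",
    "sudo": "# auth sufficient pam_succeed_if.so user ingroup nopasswdlogin\n"
            "auth required pam_unix.so\n",
}
# Assumed form of the group rule; the page does not show the PAM line itself.
BYPASS = re.compile(r"^\s*auth\s+sufficient\s+pam_succeed_if\.so\b.*\buser\s+ingroup\s+(\S+)")
NULLOK = re.compile(r"^\s*auth\s.*\bpam_unix\.so\b.*\bnullok\b")

def empty_password_users(shadow):
    """Accounts whose shadow password field is empty."""
    rows = (line.split(":") for line in shadow.splitlines() if line.strip())
    return [f[0] for f in rows if len(f) > 1 and f[1] == ""]

def group_members(group_text, name):
    """Members listed for `name` in /etc/group format."""
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == name:
            return {m for m in f[3].split(",") if m}
    return set()

def audit(shadow, pam, group="nopasswdlogin", login_screen=("gdm", "gnome-screensaver")):
    """Return (finding, subject) pairs for settings that widen the bypass."""
    findings = [("empty-password", u) for u in empty_password_users(shadow)]
    for service in sorted(pam):
        if service in login_screen:
            continue  # the bypass is intended here
        for line in pam[service].splitlines():
            m = BYPASS.match(line)
            if m and m.group(1) == group:
                findings.append(("group-bypass-outside-login-screen", service))
            if NULLOK.match(line):
                findings.append(("nullok", service))
    return findings

if __name__ == "__main__":
    print("may skip the password at the login screen:", sorted(group_members(GROUP, "nopasswdlogin")))
    for finding in audit(SHADOW, PAM):
        print(finding)
```

With the group approach the account keeps its password, so the only thing to verify is that the bypass rule appears in the login-screen services and nowhere else; an empty shadow field, by contrast, affects every service whose stack accepts null passwords.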