Bug 633015 – Support for password-less login

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 633015 - Support for password-less login


Summary:	Support for password-less login


Status:	RESOLVED OBSOLETE

Product:	gnome-control-center
Classification:	Core
Component:	User Accounts
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	Control-Center Maintainers
QA Contact:	Control-Center Maintainers

URL:
Whiteboard:	3.10

Depends on:
Blocks:

Reported:	2010-10-24 08:35 UTC by Milan Bouchet-Valat
Modified:	2021-06-09 16:01 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Milan Bouchet-Valat 2010-10-24 08:35:26 UTC

To allow distributions that shipped users-admin to move to accounts-dialog, it would be nice to implement a feature that is currently missing. Bastien asked me to file a bug, this will prevent discussion from being lost. So here's the point:

Default PAM configuration file for GDM allows users in the 'nopasswdlogin' group to log in without typing their password. That's basically an extended autologin (discussion and rationale can be found at [1]). users-admin supported this feature since 2.28, and I really think this suits a need, given the amount of hacks you can find on the Web for it.

Implementing this in accountsservice is very easy, I've already a patch for that. What is trickier is showing this option in the GUI. In users-admin, we have in the password dialog a "Don't ask for password on login" checkbox with an explanation tooltip, which works fine. But a-d has an "Action" combo box at the top of the password dialog, with a "Log in without a password" item in the list : adding password-less login as described above would be confusing.

Though, I'd advocate accounts with no passwords at all can be replaced without any drawback with password-less login, where accounts have a password that can be used e.g. to get admin rights. So we could keep the "Log in without a password" choice and make it correspond to password-less login when available. What do you think of this? Security is slightly improved and we keep educating users by forcing a password for admin tasks.

One small issue is that currently, only the "Set a password now" combo box choice asks to enter a password; others disable all widgets in the password dialog. But I don't think it would be very confusing to have another choice that would require typing a password, since it's clear from the GUI when you need to enter a password.

Another solution, instead of adding a choice in the combo box, is to add a checkbox at the bottom of the dialog, and remove the current "Log in without a password" from the list. But that's bloating the UI, which is generally good to avoid.

A last technical point comes from the fact that users-admin didn't require distributions to support password-less login. So we detected whether the 'nopasswdlogin' group existed, and if not, the feature was disabled. But accountsservice doesn't seem to have global properties like that. Should we add a property for this single feature? We could also require this to be supported since it's just a single line in the PAM file. So I'd like to hear your thoughts on this.

1: http://markmail.org/message/2h5isyf3kip6updb#query:+page:1+mid:pa6lrzmwdtbol5it+state:results

Comment 1 André Klapper 2012-03-16 12:06:55 UTC

Moving open accountsdialog tickets from the deprecated and closed "accountsdialog" product to gnome-control-center/User Accounts.

Reporter: Retesting the reported problem against GNOME 3.2 or 3.4 and adding a comment here is highly welcome.

Comment 2 Milan Bouchet-Valat 2012-03-16 12:18:55 UTC

This is an enhancement, so yes, it still applies to 3.4.

Comment 3 Bastien Nocera 2012-03-16 12:29:32 UTC

It doesn't. Though there are bugs related to this, you can already set accounts to have no passwords.

Comment 4 Milan Bouchet-Valat 2012-03-16 12:32:06 UTC

You mean, with _no_ password? This report is about having a password that allows e.g. authenticating as admin, or logging in via SSH, but not asked on GDM login. This is much more secure than 'passwd -d'.

See the description and linked message.

Comment 5 Allan Day 2012-07-12 08:59:33 UTC

Can you clarify the user experience that is being suggested here? My understanding (possibly incorrect) is that it suggests:

* Users should always have a password
* Users can specify if they need to give a password to login to their account

Comment 6 Matthias Clasen 2012-07-12 11:09:44 UTC

yes, I think that is the case, and in addition:

* If a user is allowed to log in without a password, then selecting the user from the user list and hitting enter will just proceed to login, without asking for a password

Comment 7 Allan Day 2012-07-12 13:04:53 UTC

Sounds like excellent behaviour to me. Always requiring a password makes a lot of sense. This would enable us to simplify the user accounts preferences and replace the confusing automatic login option (bug 679745).

I've added a design proposal to the System Settings wiki pages:

https://live.gnome.org/Design/SystemSettings/UserAccounts#Update_Proposal

Comment 8 André Klapper 2021-06-09 16:01:20 UTC

GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new enhancement request ticket at
  https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/

Thank you for your understanding and your help.