[gdm] Change documentation and default PAM policy to allow password-less logins on allowed cases

From: Milan Bouchet-Valat <milanbv src gnome org>
To: svn-commits-list gnome org
Subject: [gdm] Change documentation and default PAM policy to allow password-less logins on allowed cases
Date: Tue, 30 Jun 2009 20:00:34 +0000 (UTC)

commit e1f579ad44874cf85aeda0bd8f1126053a74eba6
Author: Milan Bouchet-Valat <nalimilan club fr>
Date:   Sat Jun 27 19:49:15 2009 +0200

    Change documentation and default PAM policy to allow password-less logins on allowed cases
    
    Being a member of the 'nopasswdlogin' group allows the user to log in via GDM without typing his password. This feature is used by the gnome-system-tools to allow some users to do so. The documentation now explains how to configure PAM to allow this.
    
    http://bugzilla.gnome.org/show_bug.cgi?id=414862

 data/gdm       |    1 +
 docs/C/gdm.xml |   16 ++++++++++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)
---
diff --git a/data/gdm b/data/gdm
index 99760c8..58c397d 100644
--- a/data/gdm
+++ b/data/gdm
@@ -1,6 +1,7 @@
 #%PAM-1.0
 auth       required    pam_env.so
 auth       required    pam_succeed_if.so user != root quiet
+auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
 auth       include     system-auth
 account    required    pam_nologin.so
 account    include     system-auth
diff --git a/docs/C/gdm.xml b/docs/C/gdm.xml
index 4d9939c..336af58 100644
--- a/docs/C/gdm.xml
+++ b/docs/C/gdm.xml
@@ -689,6 +689,22 @@
 <screen>
        gdm-autologin session required pam_unix_session.so.1
 </screen>
+
+      <para>
+        If the computer is used by several people, which makes automatic login
+        unsuitable, you may want to allow some users to log in without entering
+        their password. This feature can be enabled as a per-user option in
+        the users-admin tool from the gnome-system-tools; it is achieved by
+        checking that the user is member a Unix group called
+        &quot;nopasswdlogin&quot; before asking for password. For this to work,
+        the PAM configuration file for the &quot;gdm&quot; service must include
+        a line such as:
+      </para>
+
+<screen>
+      gdm auth  sufficient  pam_succeed_if.so  user ingroup nopasswdlogin
+</screen>
+
     </sect2>
 
     <sect2 id="utmpwtmp">

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]