Given that this seems to me like a fairly simple and common objective, and seeing as how I have not been able to find a solution till now, I thought I'd make a start on a mini-howto. The below instructions work in fair conditions but I am a newbie, so it may be full of holes. Perhaps someone with a bit more technical knowledge could take a look at this for me and see if it can be improved?
(MINI) HOW TO ALLOW SPECIFIC USERS TO LOG ON VIA GDM LOCALLY WITHOUT ENTERING A PASSWORD
[1] Why Bother?
Well, partly because its just more convenient in some cases. If you are on a local network that is secure from remote access, where a machine is shared by multiple desktop users and where you trust some of them at least, why not let them have the benefits of their own account without the inconvenience of entering a password in GDM to log in? I know its no real hassle, but it is an extra step nonetheless. Anyway, choice is what we're all about, right? Partly also because Windows (and KDM!) lets you do this, and as a part of migrating folk over from Windows it is critical to not underestimate how important it is to minimise how much you take folk out of their familiarity zone. Even in small things like this. If you use a user browser in GDM, this will allow the user to click on the picture representing them and they're in!
[2] Have a word with PAM!
PAM is the authentication model employed in Ubuntu. The first thing to do is to edit the PAM file that specifies how authentication should work with GDM. Open the file /etc/pam.d/gdm using your favorite text editor, in my case:
$ sudo nano /etc/pam.d/gdm
Add lines that specify a password is not required for the users who are listed in a file that you are going to make later on. The new line in the file example comes between the #start and #end comments, all the other lines were there anyway and remain untouched:
----------------------
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so
# start
auth sufficient pam_listfile.so item=user sense=allow file=/etc/X11/gdm/nopassusers.txt onerr=fail
# end
@include common-auth
@include common-account
session required pam_limits.so
@include common-session
@include common-password
----------------------
[3] Tell PAM who to let in without a pass
Go to this following location: /etc/X11/gdm/
Make a new text file there called nopassusers.txt
In this file, list the usernames of the users who can log in without entering a password. Put each user on a new line. Only the username is required.
OK - that should be it. Like I say, I know this works but have no idea whether it is sensible. Please if you have knowledge contribute to making this a better howto!
Bookmarks