diff options
author | Milan Bouchet-Valat <nalimilan@club.fr> | 2009-06-27 19:49:15 +0200 |
---|---|---|
committer | Milan Bouchet-Valat <nalimilan@club.fr> | 2009-06-28 13:11:47 +0200 |
commit | e1f579ad44874cf85aeda0bd8f1126053a74eba6 (patch) | |
tree | 1c715c39a843aeb4110a2424f2a12c1c6c625bee | |
parent | df880c4ddee5e4728da000c2f0f7990dd45170cd (diff) | |
download | gdm-e1f579ad44874cf85aeda0bd8f1126053a74eba6.tar.gz |
Change documentation and default PAM policy to allow password-less logins on allowed cases
Being a member of the 'nopasswdlogin' group allows the user to log in via GDM without typing his password. This feature is used by the gnome-system-tools to allow some users to do so. The documentation now explains how to configure PAM to allow this.
http://bugzilla.gnome.org/show_bug.cgi?id=414862
-rw-r--r-- | data/gdm | 1 | ||||
-rw-r--r-- | docs/C/gdm.xml | 16 |
2 files changed, 17 insertions, 0 deletions
@@ -1,6 +1,7 @@ #%PAM-1.0 auth required pam_env.so auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin auth include system-auth account required pam_nologin.so account include system-auth diff --git a/docs/C/gdm.xml b/docs/C/gdm.xml index 4d9939cc..336af58e 100644 --- a/docs/C/gdm.xml +++ b/docs/C/gdm.xml @@ -689,6 +689,22 @@ <screen> gdm-autologin session required pam_unix_session.so.1 </screen> + + <para> + If the computer is used by several people, which makes automatic login + unsuitable, you may want to allow some users to log in without entering + their password. This feature can be enabled as a per-user option in + the users-admin tool from the gnome-system-tools; it is achieved by + checking that the user is member a Unix group called + "nopasswdlogin" before asking for password. For this to work, + the PAM configuration file for the "gdm" service must include + a line such as: + </para> + +<screen> + gdm auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +</screen> + </sect2> <sect2 id="utmpwtmp"> |