gdm-session: require a password for for remote logins

Many remote services refuse passwordless logins, so administrators may find it surprising that the login screen over XDMCP doesn't require a password on the account. This commit toggles to that default. Note, this change doesn't really make XDMCP more secure. It is inherently insecure over an untrusted network, since it's a completely plain text protocol. https://bugzilla.gnome.org/show_bug.cgi?id=764669
author: Tim Lunn <tim@feathertop.org> 2016-04-12 14:40:48 +1000
committer: Tim Lunn <tim@feathertop.org> 2016-04-13 13:41:39 +1000
commit: 25e8677f7d0950e69b6bf9d9a534a184067da123 (patch)
tree: 8fe9ab6887f5426f147f2ae3f0c62ac4ffaa51ce
parent: c870d47dd828506857f0997a3af3468fc12fc85b (diff)
download: gdm-25e8677f7d0950e69b6bf9d9a534a184067da123.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index b97c688a..7bbda49f 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -1080,6 +1080,8 @@ gdm_session_worker_initialize_pam (GdmSessionWorker *worker,
         ensure_login_vt (worker);
         g_snprintf (tty_string, 256, "/dev/tty%d", worker->priv->login_vt);
         pam_set_item (worker->priv->pam_handle, PAM_TTY, tty_string);
+        if (!display_is_local)
+                worker->priv->password_is_required = TRUE;
 
  out:
         if (error_code != PAM_SUCCESS) {
author	Tim Lunn <tim@feathertop.org>	2016-04-12 14:40:48 +1000
committer	Tim Lunn <tim@feathertop.org>	2016-04-13 13:41:39 +1000
commit	25e8677f7d0950e69b6bf9d9a534a184067da123 (patch)
tree	8fe9ab6887f5426f147f2ae3f0c62ac4ffaa51ce
parent	c870d47dd828506857f0997a3af3468fc12fc85b (diff)
download	gdm-25e8677f7d0950e69b6bf9d9a534a184067da123.tar.gz