Call for action: Update PAM policy to allow password-less logins set up via users-admin

[Milan Bouchet-Valat]

Hi all!

More than two months ago, I reported bug 393854 about supporting in
Karmic a new feature that we recently added to the gnome-system-tools
and gdm. It allows users to be granted (by admins) the right to log in
through GDM without typing their password. This works by making them
members of a given Unix group, and checking this via PAM. See the bug
report and the links there for a complete explanation and rationale
behind that (in particular, don't confuse this feature with what we
currently get using 'passwd -d').

What Ubuntu needs for this checkbox to be available and effective is to
create that group, and update the GDM PAM policy file to allow this. The
upstream config file already includes such a (minor) change. I've
provided debdiffs that would apply those two changes to the current GDM
in Karmic.

I'd really hope somebody can tackle (i.e. review) that before the
freeze. The security audit required to publish those modifications
should not be complex at all. It would be too bad to get a greyed out
checkbox in users-admin because of lack of attention, while many users
rely on hacks to create unsecure and unpractical accounts without any
password. Thanks!


Cheers


1: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/393854