passwordless login
Raphaƫl Berbain
raphael.berbain at free.fr
Thu Apr 21 13:01:38 UTC 2005
* Matt Price:
> I was considering giving her a null password, adding her
> username to "DenyUsers" in /etc/ssh/sshd_config, and removing
> her name from the sudoers file.
You could try the other way around: Instead of 'blank password + lock
everything down', set it up as 'regular password + allow gdm
passwordless login'.
As seen on this list some time ago:
,----[ /etc/pam.d/gdm ]
| #%PAM-1.0
| auth requisite pam_nologin.so
| auth required pam_env.so
| auth sufficient pam_listfile.so sense=allow file=/etc/passwordless item=user
| @include common-auth
| @include common-account
| session required pam_limits.so
| @include common-session
| @include common-password
`----
,----[ /etc/passwordless ]
| <username>
`----
As for sudo (with defaults sudoers config), make sure the user isn't a
member of the 'admin' group. Alternatively, using Gnome user
management tool, you can choose the 'desktop' user profile. IIRC,
this profile doesn't grant sudo rights.
More information about the ubuntu-users
mailing list