Bug#501849: Please permit installation with an empty user password
On Mon, 2008-10-13 at 09:26 +0200, Frans Pop wrote:
> Emmet Hikory wrote:
> > I "really, really" wanted to do it to ease working with tools that
> > request graphical sudo authentication for devices that didn't have
> > keyboards. Yes, this is pointlessly insecure, and yes, there are input
> > tools that can be used in some cases, but these tend to be fairly
> > cumbersome.
>
> I can only see the point of this to some extend for some embedded
> devices.
[..]
> and possibly that passwordless use of sudo would be allowed.
> But I also would expect the actual user ID still to be protected with
> a password, especially as a lot of these devices will have networking
> and thus do need fairly strong protection for external access.
Yep. I am not sure that all network services in Debian have a "null
password not ok" policy, à la pam_unix. (remember Win2K? )
BTW, Gnome's gdm allows autologon. Also something like "pam_succeed_if
uid=1000" or equivalent may achieve the expected behaviour.
Franklin
Reply to: