On Tue, Oct 14, 2003 at 04:02:22PM -0400, J. Bruce Fields wrote: | On Mon, Oct 13, 2003 at 03:58:41PM -0400, Bijan Soleymani wrote: | > best way is to: | > edit /etc/pam.d/login | > comment out the line | > #auth required pam_unix.so nullok | > by placing a "#" at the beginning. | > | > Then the login program won't even ask for a password. That's what I use | > on my console. All other programs like ftp and ssh will still ask for | > passwords though. Just make sure you don't use telnet as it does use | > login. If you need to disable passwords for any other program then | > simply edit its pam file. | | Thanks, but with those lines removed I end up with all logins failing | automatically and no request for a password. This may be something that | changed sometime between stable and unstable--I used to use a similar | trick to allow local gdm logins without a password, but that stopped | working at some point--I think the pam stuff has changed a bit. pam requires the requested category to be defined. That is, if the appliation asks pam if the auth is valid, pam will say "no" if auth is not defined for that service. Use pam_permit.so if you want all auth credentials to be permitted. (conversely use pam_deny.so if you want all credentials to be denied) Those two pam modules are extremely handy for debugging a new setup (eg postfix+sasl) and eliminating one source of failure. -D -- "...Deep Hack Mode--that mysterious and frightening state of consciousness where Mortal Users fear to tread." (By Matt Welsh) http://dman13.dyndns.org/~dman/
Attachment:
pgpetQzM1HJbn.pgp
Description: PGP signature