[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: passwordless root login

On Tue, Oct 14, 2003 at 04:02:22PM -0400, J. Bruce Fields wrote:
| On Mon, Oct 13, 2003 at 03:58:41PM -0400, Bijan Soleymani wrote:

| > best way is to:
| > edit /etc/pam.d/login
| > comment out the line
| > #auth       required   pam_unix.so nullok
| > by placing a "#" at the beginning.
| > 
| > Then the login program won't even ask for a password. That's what I use
| > on my console. All other programs like ftp and ssh will still ask for
| > passwords though. Just make sure you don't use telnet as it does use
| > login. If you need to disable passwords for any other program then
| > simply edit its pam file.
| Thanks, but with those lines removed I end up with all logins failing
| automatically and no request for a password.  This may be something that
| changed sometime between stable and unstable--I used to use a similar
| trick to allow local gdm logins without a password, but that stopped
| working at some point--I think the pam stuff has changed a bit.

pam requires the requested category to be defined.  That is, if the
appliation asks pam if the auth is valid, pam will say "no" if auth is
not defined for that service.  Use pam_permit.so if you want all auth
credentials to be permitted.  (conversely use pam_deny.so if you want
all credentials to be denied)  Those two pam modules are extremely
handy for debugging a new setup (eg postfix+sasl) and eliminating one
source of failure.


"...Deep Hack Mode--that mysterious and frightening state of
consciousness where Mortal Users fear to tread."
(By Matt Welsh)

Attachment: pgpetQzM1HJbn.pgp
Description: PGP signature

Reply to: