Re: How to let a user login locally with a weak password
On Mon, Jan 19, 2009 at 10:22:42PM -0500, Stefan Monnier wrote:
> >> I'd like to setup an account that can use a weak password.
> >> To make up for it, the account should only be accessible locally, not
> >> over the network.
> >> It would be sufficient for it to be accessible only via GDM/XDM (since
> >> I don't need remote XDM/GDM logins).
>
> > I used to add an extra line to /etc/pam.d/gdm to allow a list of users
> > (using pam_listfile.so) to login before checking their passwords.
>
> That sounds promising. Could you give me some details of what it looked
> like? But I guess that just allowed them to login without any password
> (rather than with a weak password), right? Still, promising.
>From /etc/pam.d/su
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
[snip]
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
So now you know how to allow password-less login of root to gdm.
Ahem... the target user is not root, I guess.
Well, you just need a different test. The point is to use a "sufficient"
auth line in the respective pam.d file, as it will be considered passed
then.
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend
Reply to: