On Mon, Jan 19, 2009 at 10:22:42PM -0500, Stefan Monnier wrote: > >> I'd like to setup an account that can use a weak password. > >> To make up for it, the account should only be accessible locally, not > >> over the network. > >> It would be sufficient for it to be accessible only via GDM/XDM (since > >> I don't need remote XDM/GDM logins). > > > I used to add an extra line to /etc/pam.d/gdm to allow a list of users > > (using pam_listfile.so) to login before checking their passwords. > > That sounds promising. Could you give me some details of what it looked > like? But I guess that just allowed them to login without any password > (rather than with a weak password), right? Still, promising.
>From /etc/pam.d/su # This allows root to su without passwords (normal operation) auth sufficient pam_rootok.so [snip] # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and # /etc/shadow entries. @include common-auth So now you know how to allow password-less login of root to gdm. Ahem... the target user is not root, I guess. Well, you just need a different test. The point is to use a "sufficient" auth line in the respective pam.d file, as it will be considered passed then. -- Tzafrir Cohen | [email protected] | VIM is http://tzafrir.org.il | | a Mutt's [email protected] | | best ICQ# 16849754 | | friend -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
