gdmflexiserver and no-password login

From: Tzafrir Cohen (tzafrir_at_nonexisting.hamakor.org.il)
Date: Tue 25 May 2004 - 23:33:06 IDT

• Next message: Diego Iastrubni: "Re: gdmflexiserver and no-password login"
• Previous message: Tzafrir Cohen: "Re: Giving up an NFS fs that wasn't available initially?"
• Next in thread: Diego Iastrubni: "Re: gdmflexiserver and no-password login"
• Reply: Diego Iastrubni: "Re: gdmflexiserver and no-password login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Hi all

Just to random tips that may help you

I'm generally a fan of gdm as a login manager (although maybe this is
just because I could never figure out where I should configure kdm, and
both xdm and wdm seem to lack some important fetures). So here are some
tips for using it:

1. creating a guest user (not gdm specific)
Often I want to have a guest account that should probably be limited,
but should allow me to log in a random guest without even the need for a
password. Think of children.

I'm not interested in an autologin (a feature provided by both kdm and
gdm, although was broken in earlier gdm versions), as most of the time I
would use the standard account.

So my approach was to tell gdm: "if you get this username, simply log it
in. Don't ask for a password".

This is done by adding the line of pam_listfile.so in the config file
below:

  
  #%PAM-1.0
  auth required pam_nologin.so
  auth required pam_env.so
  # the listfile line comes after the most basic tests ...
  auth sufficient pam_listfile.so item=user sense=allow file=/etc/X11/gdm/nopassusers onerr=fail
  # ... but before the standard password check. see the pam sysadmin
  # guide (pam.txt /pam.html in the pam docs) for more information
  auth required pam_unix_auth.so
  account required pam_unix_acct.so
  password required pam_unix_passwd.so shadow
  session required pam_unix_session.so

And in addition: create the file /etc/X11/gdm/nopassusers (an arbitrary
name) and put in it the name of that guest user . The guest account
should also not be allowed to login using a password (e.g: '!' in the
password field in /etc/shadow , see shadow(5)) so that account won't be
abused from any remote connection.

2. gdmflexiserver: start a separate X session in a new X server

This is a relatively simple but useful feature: This command will start
a separate login session. by default that session will be started in the
next free virtual console, e.g: ctrl-alt-f8. With the option --xnest: it
will be started in a nested X server .

So now when someone wants to play computer and I can spare it for a
while I can easily start a separate X session and log him in without
even using the console login.

BTW: multiple X servers tend to have problems with sound servers.

-- 
Tzafrir Cohen                       +---------------------------+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:tzafrir_at_technion.ac.il       +---------------------------+
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il

• Next message: Diego Iastrubni: "Re: gdmflexiserver and no-password login"
• Previous message: Tzafrir Cohen: "Re: Giving up an NFS fs that wasn't available initially?"
• Next in thread: Diego Iastrubni: "Re: gdmflexiserver and no-password login"
• Reply: Diego Iastrubni: "Re: gdmflexiserver and no-password login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.7 : Tue 25 May 2004 - 23:44:55 IDT