PAM configuration for password-less login

igadoter · 11-22-2021, 03:13 PM

I just started adventure with PAM. I was thinking about configuring system in way people use Windows. No one from person I know is using password on Windows. I also imagine to install Slackware for person who knows only Windows - no passwords would e nice.

The conditions are very basic. Members of users groups are allowed for password-less login if they have home directory and set shell.

For root password is required.

I am not asking for perfect solution just something which works.

0XBF · 11-22-2021, 03:24 PM

If you use 'sddm' and an init 4 boot I think you can already set this up by editing the /etc/sddm.conf config file. It uses the pam file /etc/pam.d/sddm-autologin but I don't think you need to make any changes.

Of course you can fiddle with pam configs to get some sort of "autologin"/"auto authentication" working but make sure you follow all the included pam configs to understand what all authenticates though a given config. You could easily accidentally provide root access or lock yourself out entirely so going that route is not recommended. If its an isolated test system then go nuts.

Gordie · 11-22-2021, 04:15 PM

This will only work for KDE AFAIK.

You'll need to have "root" edit: /etc/inittab and change id:3:initdefault to 4.

Code:

# Default runlevel. (Do not set to 0 or 6)
id:4:initdefault:

(If you were to change nothing else at this time, the next time you reboot you will be greeted by a graphical login screen where you can choose the Desktop / Windowmanager / Whatever and enter your username and password.) Of course you WANT to change something else to make for an "auto-login"

KDE Plasma 5:
Now in your program menu go to:

Code:

Settings
System Settings
Scroll down to "Personalization"
Account Details
From the choices in the left pane pick "User Manager"
YOUR_USERNAME
Automatic Login [X]

With Plasma 5 there is a known issue for some, where changing settings will not save the changes so if that proves true for you ... Have "root" change /etc/sddm.conf
(Keep a copy of the original just in case you want to change back)

FROM:

Code:

[Autologin]
Relogin=false
Session=plasma.desktop
User=

TO:

Code:

[Autologin]
Relogin=true
Session=plasma.desktop
User=YOUR_USERNAME

Now you can reboot and login automatically to KDE without having to enter your username and password.

NOTE -- This can prove to be a real PITA if you ever want to login another user OR if you ever desire to use any other desktop than KDE. xwmconfig will seem to fail to work but the changes you have just made overrules it until such time as you reverse them

igadoter · 11-22-2021, 04:42 PM

Thanks for answers but as I understand PAM-aware system offers centralized way for authorization, logins, etc. Essentially all applications delegate these tasks to PAM.

I think that configuration files can be the same for both login, sddm. On current they all are linked against libpam.so.

You know just create one configuration pam file and you are done. No matter what kind of app is used.

The only pain is terrible documentation. But Oracle has nice docs about PAM (probably Solaris - I don't know yet - but ideas seems to be similar).

rkelsen · 11-23-2021, 02:44 PM

Quote:

Originally Posted by igadoter

I just started adventure with PAM. I was thinking about configuring system in way people use Windows. No one from person I know is using password on Windows.

Really? Wow. I don't know many people using Windows this way anymore. It does so much nagging about using a Microsoft account that most people who don't know better just give in.

This even happens in offices (admittedly smaller ones without a DC).

It's worth mentioning that with Windows 11, they won't have this option any more.

igadoter · 11-23-2021, 03:46 PM

Quote:

Originally Posted by rkelsen

Really? Wow. I don't know many people using Windows this way anymore. It does so much nagging about using a Microsoft account that most people who don't know better just give in.

For some of my friends they just don't understand why all this passwords if they are the only people using computer. I just tried to explain, convince. The end of story was that person forgot password and where it kept memo with password written. We had some words exchange about this: all my fault. Since then no more such stupid things like passwords.

0XBF · 11-23-2021, 04:12 PM

If you're fixated on using PAM then check out the 'pam_succeed_if.so' and/or 'pam_listfile.so' modules. I'm not a PAM expert by any means but those modules allow for checking against a user name or uid (as well as other things).

pam_succeed_if performs a test given options passed to it, pam_listfile checks whether an entry is listed in a file to succeed. The man pages will provide more insight how to use these modules (just type "man <pam_module_name>", without the ".so").

Sorry I have no actual examples to give you since I haven't tried to set up my system this way. For the most part I have just tweaked PAM in the "session" sections to suit my needs. I haven't modified the auth/account/password configs from defaults.

Here's a primer on PAM in general that someone linked here in the forums from last year that I found was a helpful intro http://www.linux-pam.org/Linux-PAM-h...x-PAM_SAG.html

glhf

rkelsen · 11-23-2021, 04:43 PM

Quote:

Originally Posted by igadoter

For some of my friends they just don't understand why all this passwords if they are the only people using computer. I just tried to explain, convince. The end of story was that person forgot password and where it kept memo with password written. We had some words exchange about this: all my fault. Since then no more such stupid things like passwords.

I say this with all due respect: If they cannot handle a simple password, then trying to change them to Linux from Windows is going to cause big headaches for you.