LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-24-2020, 05:42 AM   #196
dchmelik
Member
 
Registered: Nov 2008
Location: USA
Distribution: FreeBSD Unix, Slackware, FreeSlack GNU/Linux, OpenBSD Unix, FreeDOS
Posts: 462

Rep: Reputation: 51

Quote:
Originally Posted by gegechris99 View Post
I'm not sure what you mean by "not enter password for a user". Do you mean that you pressed "Enter" when prompted for a password? I don't know if this method qualifies as a blank password for PAM.
After years/decades this is gradually happening more, I need to start always saying, but people jumping into discussions ongoing for pages/hours/days/weeks on forums & chat need to go back and read. Many don't then end up in entire discussions full of confusion/misunderstanding, and personally explain entirely different things (not that you have yet, but many often get angry when they find out, and use that as a reason to quit.) I mentioned not using passwords, blank passwords, etc., multiple times for many posts and am now simplifying/optimizing terms, because people can see I replied so they need to read to sub-topic beginning. To do it, yes, you just press <ENTER>.

Quote:
Try without the "minlen=6" option.
Code:
password    sufficient    pam_unix.so nullok sha512 shadow
It doesn't respect it that way nor with minlen=0.

Last edited by dchmelik; 05-24-2020 at 06:09 AM.
 
Old 05-24-2020, 05:42 AM   #197
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 977
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
Thanks for the link.

However the link is broken in your post:

Quote:
Originally Posted by Alien Bob View Post
URL="http://https://www.linuxquestions.org/questions/slackware-14/user-without-a-password-4175675708/#post6126043"]
 
Old 05-24-2020, 05:46 AM   #198
dchmelik
Member
 
Registered: Nov 2008
Location: USA
Distribution: FreeBSD Unix, Slackware, FreeSlack GNU/Linux, OpenBSD Unix, FreeDOS
Posts: 462

Rep: Reputation: 51
Quote:
Originally Posted by gegechris99 View Post
Thanks for the link.

However the link is broken in your post:
I recommend the web-browser addons that change text URLs to hypertext.

Of course, the post/thread title is misleading: it's about making users with passwords then having to delete them after the fact. That is not how classic Unix through Slackware stable to this day work (such as FreeBSD, despite having PAM, asks in installation at user setup whether you even want password authentication, then whether you want blank passwords, and your choices become default for future accounts.).

In addition, I discovered something insecure. On Slackware-stable, after you delete password, then try login, you must still get asked password, press <ENTER>. Now (on Slackware-current) you don't. To skip password, you used to have to edit /etc/passwd yourself and remove 'x' in place of password, which was there to make it seem as if there was password. Now anyone can immediately try an account they assume has password, but find out they're allowed to login with wrong password (even though the 'right' one isn't one.) Sure, I have some blank passwords, but that doesn't mean I don't want a password prompt for some/all!

Last edited by dchmelik; 05-24-2020 at 06:44 PM.
 
Old 05-24-2020, 06:07 AM   #199
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 977
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
Quote:
I mentioned not using passwords, blank passwords, etc., multiple times for many posts and am now simplifying/optimizing terms, because people can see I replied so they need to read to sub-topic beginning.
It just happens that I've always used password for my users. So I don't have a clear understanding of how you create a user without a password or a blank password. And it seems that based on thread user without a password, what is important is how the absence of password or blank password is implemented in /etc/passwd.
At this point, I can no longer help on this issue. I don't have sufficient technical knowledge to improve on the proposed two-step approach (i.e. create user with password and then remove it with "passwd -d").
 
Old 05-24-2020, 06:08 AM   #200
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 141

Rep: Reputation: Disabled
Quote:
Originally Posted by GazL View Post
It is on mine (logging in via xdm) pam_ck_connector.so creates it when run without the nox11 option.
It also appears to mount a tmpfs for /var/run/user/$UID, but apparently fails to set XDG_RUNTIME_DIR to point to it.
Hmm, that's strange. Maybe it is not at the stage when .xsession is evaluated. Could you try with the if statement from Robbys package to see if ck is loaded this way on your machine?

Greetings

Lioh
 
Old 05-24-2020, 06:50 AM   #201
LuckyCyborg
Member
 
Registered: Mar 2010
Posts: 635

Rep: Reputation: 401Reputation: 401Reputation: 401Reputation: 401Reputation: 401
Seeing those "classic UNIX" diatribes, I can't help to not remember that "adduser" is not something inherited from the good old UNIX, but a tool written by Mr. Volkerding for Slackware. Yes, it is specific to Slackware.

However, from what I know the classic UNIX way to create users is "useradd", like elegantly it is used to create a system user right there:

https://slackbuilds.org/repository/1...work/hiawatha/

Code:
# groupadd -g 259 hiawatha
# useradd -u 259 -g 259 -c "Hiawatha HTTP Server" -d / \
          -s /bin/false hiawatha
Yes, for creating system users with no password, it's more than enough.

Last edited by LuckyCyborg; 05-24-2020 at 07:21 AM.
 
Old 05-24-2020, 07:03 AM   #202
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,497
Blog Entries: 14

Rep: Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328
Ok, done a little more digging.

Using xdm, with or without pam_ck_connector enabled, I don't get a DESKTOP_SESSION set. So, all the xsessions scripts that check for it being null will always try and start a ck-launch-session, even if ck_connector has already done it and it is unnecessary.

Perhaps the answer is to check XDG_SESSION_COOKIE in those xsession scripts instead, but I'm wondering how that will effect when those same scripts are run by startx given that consolekit is now also registering sessions for tty logins.

Perhaps the answer is just not to register ck sessions for tty logins.

Alternatively, maybe /etc/X11/xdm/Xsession should set DESKTOP_SESSION, but only if XDG_SESSION_COOKIE is already set.

This is starting to become a can of worms!

Last edited by GazL; 05-24-2020 at 07:06 AM.
 
1 members found this post helpful.
Old 05-24-2020, 07:14 AM   #203
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,063

Rep: Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825Reputation: 6825
The addition of "ck-launch-session" in the X init scripts in Slackware has been a necessity when PAM was not part of Slackware. See for instance my comment from 2017 here: https://bear.alienbase.nl/cgit/ktown...4e4866bbdf0636

I think we need to revisit these bits like

Code:
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
  exec ck-launch-session dbus-launch --exit-with-session /usr/bin/startxfce4
else
  exec dbus-launch --exit-with-session /usr/bin/startxfce4
fi
and just stick with "exec dbus-launch --exit-with-session"
 
1 members found this post helpful.
Old 05-24-2020, 07:15 AM   #204
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 141

Rep: Reputation: Disabled
Quote:
Alternatively, maybe /etc/X11/xdm/Xsession should set DESKTOP_SESSION, but only if XDG_SESSION_COOKIE is already set.
This sounds like a very good idea to me.
 
Old 05-24-2020, 07:17 AM   #205
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 141

Rep: Reputation: Disabled
Quote:
Originally Posted by Alien Bob View Post
...

and just stick with "exec dbus-launch --exit-with-session"
In this case consolekit is not started on my machine with -current using XDM and IceWM as a desktop. I am using unmodified PAM configs which have pam_ck_connector.so enabled for xdm.

Edit: sorry I have just seen that icewm has just

Code:
else
  exec icewm-session
fi
So I am going to try with dbus-launch only.

Last edited by lioh; 05-24-2020 at 07:19 AM.
 
Old 05-24-2020, 07:23 AM   #206
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 141

Rep: Reputation: Disabled
Quote:
Originally Posted by Alien Bob View Post
I think we need to revisit these bits like

Code:
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
  exec ck-launch-session dbus-launch --exit-with-session /usr/bin/startxfce4
else
  exec dbus-launch --exit-with-session /usr/bin/startxfce4
fi
and just stick with "exec dbus-launch --exit-with-session"
I can confirm that this works fine. consolekit is started correctly this way and things like Thunar gvfs access work fine.
 
Old 05-24-2020, 08:26 AM   #207
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,497
Blog Entries: 14

Rep: Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328
Quote:
Originally Posted by Alien Bob View Post
The addition of "ck-launch-session" in the X init scripts in Slackware has been a necessity when PAM was not part of Slackware. See for instance my comment from 2017 here: https://bear.alienbase.nl/cgit/ktown...4e4866bbdf0636

I think we need to revisit these bits like

Code:
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
  exec ck-launch-session dbus-launch --exit-with-session /usr/bin/startxfce4
else
  exec dbus-launch --exit-with-session /usr/bin/startxfce4
fi
and just stick with "exec dbus-launch --exit-with-session"
Might be alright when someone does a startx and uses the same console as the tty ck session, but if one does something like a startx -- :8 vt8 & then that's essentially a new session and probably needs its own ck session. I suspect startx is just too primitive for modern X11 enviroments with all this consolekit, dbus, and what have you stuff.

Also, I'm not a fan of using dbus-launch like that: it's caused me problems in the past, so I always use the eval method of staring it.
Code:
if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
   eval $(dbus-launch --sh-syntax --exit-with-session)
fi
... but that has to be done within the ck-session or many of the dbus services don't function properly.
 
Old 05-24-2020, 08:45 AM   #208
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,497
Blog Entries: 14

Rep: Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328
Quote:
Originally Posted by lioh View Post
This sounds like a very good idea to me.
It's a workaround, but the underlying issues are these:

xsession/xinitrc files are using DESKTOP_SESSION to determine whether they've been started by a display manager, or a startx, and then starting ck-launch-session depending on what's starting them, rather than on whether it needs starting

I think eric was right above, and xinitrc/xsession files shouldn't be launching console-kit sessions. Instead, the cleanest solution is to have startx, or the display manager do the ck-launch-session.

Then DESKTOP_SESSION can be used for its original purpose without misusing it to trigger side effects.

/etc/X11/xdm/Xsession still should be setting DESKTOP_SESSION, but that's not what should determine whether ck-launch-session is called or not.

Last edited by GazL; 05-24-2020 at 08:46 AM.
 
1 members found this post helpful.
Old 05-24-2020, 09:45 AM   #209
gmgf
Senior Member
 
Registered: Jun 2012
Location: Bergerac, France
Distribution: Slackware
Posts: 1,793

Rep: Reputation: 708Reputation: 708Reputation: 708Reputation: 708Reputation: 708Reputation: 708Reputation: 708
Quote:
Originally Posted by GazL View Post
It's a workaround, but the underlying issues are these:

xsession/xinitrc files are using DESKTOP_SESSION to determine whether they've been started by a display manager, or a startx, and then starting ck-launch-session depending on what's starting them, rather than on whether it needs starting

I think eric was right above, and xinitrc/xsession files shouldn't be launching console-kit sessions. Instead, the cleanest solution is to have startx, or the display manager do the ck-launch-session.

Then DESKTOP_SESSION can be used for its original purpose without misusing it to trigger side effects.

/etc/X11/xdm/Xsession still should be setting DESKTOP_SESSION, but that's not what should determine whether ck-launch-session is called or not.
I agree with you, sometimes I have the impression that certain things are not enhanced, or not finished.
 
Old 05-24-2020, 10:00 AM   #210
phenixia2003
Member
 
Registered: May 2006
Location: France
Distribution: Slackware
Posts: 958

Rep: Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896
Hello,

Quote:
Originally Posted by GazL View Post
I think eric was right above, and xinitrc/xsession files shouldn't be launching console-kit sessions. Instead, the cleanest solution is to have startx, or the display manager do the ck-launch-session.
In the case of XDM, this requires to apply the patch xdm-consolekit.patch.gz (that's ok), and to run 'autoreconf -vif' before the call of 'configure' which is currently not the case. This call was present when XDM has been upgraded to 1.1.12 (downgraded to 1.1.11 a short time after). See this thread, and more precisely the posts #14 (and #15) .

--
SeB
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
a bug in dialog merged with Slackware64 current? duturo1953 Slackware 1 08-23-2017 02:26 PM
/etc/pam.d/system-auth-ac vs. /etc/pam.d/password-auth-ac vs. /etc/pam.d/sshd christr Red Hat 2 08-01-2014 07:08 PM
PAM module:passwd:- how many character validate by pam library amit_pansuria Linux - General 3 10-21-2008 01:19 AM
vsftpd + pam + virtual users - Pam cannot load database file. mdkelly069 Linux - Networking 3 09-22-2004 11:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration