SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm not sure what you mean by "not enter password for a user". Do you mean that you pressed "Enter" when prompted for a password? I don't know if this method qualifies as a blank password for PAM.
After years/decades this is gradually happening more, I need to start always saying, but people jumping into discussions ongoing for pages/hours/days/weeks on forums & chat need to go back and read. Many don't then end up in entire discussions full of confusion/misunderstanding, and personally explain entirely different things (not that you have yet, but many often get angry when they find out, and use that as a reason to quit.) I mentioned not using passwords, blank passwords, etc., multiple times for many posts and am now simplifying/optimizing terms, because people can see I replied so they need to read to sub-topic beginning. To do it, yes, you just press <ENTER>.
I recommend the web-browser addons that change text URLs to hypertext.
Of course, the post/thread title is misleading: it's about making users with passwords then having to delete them after the fact. That is not how classic Unix through Slackware stable to this day work (such as FreeBSD, despite having PAM, asks in installation at user setup whether you even want password authentication, then whether you want blank passwords, and your choices become default for future accounts.).
In addition, I discovered something insecure. On Slackware-stable, after you delete password, then try login, you must still get asked password, press <ENTER>. Now (on Slackware-current) you don't. To skip password, you used to have to edit /etc/passwd yourself and remove 'x' in place of password, which was there to make it seem as if there was password. Now anyone can immediately try an account they assume has password, but find out they're allowed to login with wrong password (even though the 'right' one isn't one.) Sure, I have some blank passwords, but that doesn't mean I don't want a password prompt for some/all!
I mentioned not using passwords, blank passwords, etc., multiple times for many posts and am now simplifying/optimizing terms, because people can see I replied so they need to read to sub-topic beginning.
It just happens that I've always used password for my users. So I don't have a clear understanding of how you create a user without a password or a blank password. And it seems that based on thread user without a password, what is important is how the absence of password or blank password is implemented in /etc/passwd.
At this point, I can no longer help on this issue. I don't have sufficient technical knowledge to improve on the proposed two-step approach (i.e. create user with password and then remove it with "passwd -d").
It is on mine (logging in via xdm) pam_ck_connector.so creates it when run without the nox11 option.
It also appears to mount a tmpfs for /var/run/user/$UID, but apparently fails to set XDG_RUNTIME_DIR to point to it.
Hmm, that's strange. Maybe it is not at the stage when .xsession is evaluated. Could you try with the if statement from Robbys package to see if ck is loaded this way on your machine?
Seeing those "classic UNIX" diatribes, I can't help to not remember that "adduser" is not something inherited from the good old UNIX, but a tool written by Mr. Volkerding for Slackware. Yes, it is specific to Slackware.
However, from what I know the classic UNIX way to create users is "useradd", like elegantly it is used to create a system user right there:
Using xdm, with or without pam_ck_connector enabled, I don't get a DESKTOP_SESSION set. So, all the xsessions scripts that check for it being null will always try and start a ck-launch-session, even if ck_connector has already done it and it is unnecessary.
Perhaps the answer is to check XDG_SESSION_COOKIE in those xsession scripts instead, but I'm wondering how that will effect when those same scripts are run by startx given that consolekit is now also registering sessions for tty logins.
Perhaps the answer is just not to register ck sessions for tty logins.
Alternatively, maybe /etc/X11/xdm/Xsession should set DESKTOP_SESSION, but only if XDG_SESSION_COOKIE is already set.
The addition of "ck-launch-session" in the X init scripts in Slackware has been a necessity when PAM was not part of Slackware. See for instance my comment from 2017 here: https://bear.alienbase.nl/cgit/ktown...4e4866bbdf0636
I think we need to revisit these bits like
Code:
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
exec ck-launch-session dbus-launch --exit-with-session /usr/bin/startxfce4
else
exec dbus-launch --exit-with-session /usr/bin/startxfce4
fi
and just stick with "exec dbus-launch --exit-with-session"
and just stick with "exec dbus-launch --exit-with-session"
In this case consolekit is not started on my machine with -current using XDM and IceWM as a desktop. I am using unmodified PAM configs which have pam_ck_connector.so enabled for xdm.
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
exec ck-launch-session dbus-launch --exit-with-session /usr/bin/startxfce4
else
exec dbus-launch --exit-with-session /usr/bin/startxfce4
fi
and just stick with "exec dbus-launch --exit-with-session"
I can confirm that this works fine. consolekit is started correctly this way and things like Thunar gvfs access work fine.
The addition of "ck-launch-session" in the X init scripts in Slackware has been a necessity when PAM was not part of Slackware. See for instance my comment from 2017 here: https://bear.alienbase.nl/cgit/ktown...4e4866bbdf0636
I think we need to revisit these bits like
Code:
if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
exec ck-launch-session dbus-launch --exit-with-session /usr/bin/startxfce4
else
exec dbus-launch --exit-with-session /usr/bin/startxfce4
fi
and just stick with "exec dbus-launch --exit-with-session"
Might be alright when someone does a startx and uses the same console as the tty ck session, but if one does something like a startx -- :8 vt8 & then that's essentially a new session and probably needs its own ck session. I suspect startx is just too primitive for modern X11 enviroments with all this consolekit, dbus, and what have you stuff.
Also, I'm not a fan of using dbus-launch like that: it's caused me problems in the past, so I always use the eval method of staring it.
Code:
if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
eval $(dbus-launch --sh-syntax --exit-with-session)
fi
... but that has to be done within the ck-session or many of the dbus services don't function properly.
It's a workaround, but the underlying issues are these:
xsession/xinitrc files are using DESKTOP_SESSION to determine whether they've been started by a display manager, or a startx, and then starting ck-launch-session depending on what's starting them, rather than on whether it needs starting
I think eric was right above, and xinitrc/xsession files shouldn't be launching console-kit sessions. Instead, the cleanest solution is to have startx, or the display manager do the ck-launch-session.
Then DESKTOP_SESSION can be used for its original purpose without misusing it to trigger side effects.
/etc/X11/xdm/Xsession still should be setting DESKTOP_SESSION, but that's not what should determine whether ck-launch-session is called or not.
It's a workaround, but the underlying issues are these:
xsession/xinitrc files are using DESKTOP_SESSION to determine whether they've been started by a display manager, or a startx, and then starting ck-launch-session depending on what's starting them, rather than on whether it needs starting
I think eric was right above, and xinitrc/xsession files shouldn't be launching console-kit sessions. Instead, the cleanest solution is to have startx, or the display manager do the ck-launch-session.
Then DESKTOP_SESSION can be used for its original purpose without misusing it to trigger side effects.
/etc/X11/xdm/Xsession still should be setting DESKTOP_SESSION, but that's not what should determine whether ck-launch-session is called or not.
I agree with you, sometimes I have the impression that certain things are not enhanced, or not finished.
I think eric was right above, and xinitrc/xsession files shouldn't be launching console-kit sessions. Instead, the cleanest solution is to have startx, or the display manager do the ck-launch-session.
In the case of XDM, this requires to apply the patch xdm-consolekit.patch.gz (that's ok), and to run 'autoreconf -vif' before the call of 'configure' which is currently not the case. This call was present when XDM has been upgraded to 1.1.12 (downgraded to 1.1.11 a short time after). See this thread, and more precisely the posts #14 (and #15) .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.