:: Re: [DNG] passwordless console auto…
Página Principal
Delete this message
Reply to this message
Autor: Didier Kryn
Data:  
Para: dng
Assunto: Re: [DNG] passwordless console autologin
Le 12/10/2018 à 18:43, Alessandro Selli a écrit :
> On 12/10/18 at 14:14, Florian Zieboll wrote:
>> Hallo,
>>
>> for a video display, I installed devuan with a passwordless console autologin, but my current configuration (below) gives me a "deprecated" warning:
>>
>> /etc/login.defs
>>     NO_PASSWORD_CONSOLE tty1

>>
>> /etc/inittab
>>     1:2345:respawn:/sbin/getty --autologin devuan tty1

>>
>> Is there an up-to-date solution to achieve this?
>
>   Passwordless accounts is a feature that was taken over by PAM.
>
>   In man pam_unix(8) I can read:
>
>        nullok
>            The default action of this module is to not permit the user
> access
>            to a service if their official password is blank. The nullok
>            argument overrides this default and allows any user with a blank
>            password to access the service.
>
>
>   So, you should add this parameter to those pam config files in
> /etc/pam.d/ that use pam_unix and hope it works.
>
>   PAM can easily get out of hand and mess up your system, so be careful
> and have backup copies of your pam.d files in case you lock yourself out
> of your box for an invalid PAM login configuration.
>


    Seems to me this doesn't solve the same problem. This PAM feature
would apply to all sessions with the given user or even all users while
the question was to enable autologin only on tty1 for only one user.

    And, yes, PAM can easily mess up the system. Better keep some
backdoor when testing. ssh server can be easily configured to bypass PAM.

        Didier