My Hardy desktop box has five user accounts, one of which (visitor) has no password. I can confirm that appending the following to /etc/securetty enables visitor to log in via GDM and successfully unlock gnome-screensaver and switch users.
# X displays :0 :0.0 :20 :20.0 :21 :21.0 :22 :22.0 :23 :23.0 :24 :24.0
Do display names in this form always belong to local X servers? If so, including a bunch of them in /etc/securetty is probably the Right Thing.
I can also confirm that leaving /etc/securetty unmolested and doing the following instead gets the job done too:
$ cd /etc/pam.d $ sudo cp common-auth common-auth-loose $ sudo sed -i s/nullok_secure/nullok/ common-auth-loose $ sudo sed -i s/common-auth/common-auth-loose/ gdm gnome-screensaver
Is this all kinds of insecure as it stands, or only if I turn on XDMCP?
My Hardy desktop box has five user accounts, one of which (visitor) has no password. I can confirm that appending the following to /etc/securetty enables visitor to log in via GDM and successfully unlock gnome-screensaver and switch users.
# X displays
:0
:0.0
:20
:20.0
:21
:21.0
:22
:22.0
:23
:23.0
:24
:24.0
Do display names in this form always belong to local X servers? If so, including a bunch of them in /etc/securetty is probably the Right Thing.
I can also confirm that leaving /etc/securetty unmolested and doing the following instead gets the job done too:
$ cd /etc/pam.d secure/ nullok/ common-auth-loose auth/common- auth-loose/ gdm gnome-screensaver
$ sudo cp common-auth common-auth-loose
$ sudo sed -i s/nullok_
$ sudo sed -i s/common-
Is this all kinds of insecure as it stands, or only if I turn on XDMCP?