Comment 16 for bug 104957
Revision history for this message
| Flabdablet (flabdablet) wrote Re: [Bug 104957] Re: users with no password can't log in with gdm | #16 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
On Wed, Mar 4, 2009 at 10:25 AM, Steve Langasek
<email address hidden> wrote:
> I don't know if the display names always belong to local X servers;
> answering that question would go a long way to help resolve this bug.
OK. I just tested this by turning on XDMCP on the desktop box
(192.168.119.2), and logging in from my laptop (192.168.119.5). From
the laptop, attempting to log in as visitor fails, and when I
subsequently log in as stephen and check /var/log/auth.log, I see that
the failed visitor login has caused
access denied: tty '192.168.119.5:3' is not secure !
So it looks like the names that PAM sees will in fact have a prepended
hostname if they are X displays running remote. On that basis, I'm
perfectly happy just to tack
# Local X displays
:0
:0.0
:1
:1.0
:2
:2.0
:3
:3.0
...
:63
:63.0
onto the end of /etc/securetty for my own use, and can see no real
reason why this shouldn't be done as a distro default.
Looks to me like the routines that parse /etc/securetty might benefit
from some kind of wildcard support, though. That would make things
much easier for anybody who actually wanted to turn on some
password-free logins via a room full of thin clients. I can see a use
for this in a classroom or public library, for example.