FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-18-2009, 02:08 AM
Stefan Monnier
 
Default How to let a user login locally with a weak password

I'd like to setup an account that can use a weak password.
To make up for it, the account should only be accessible locally, not
over the network.
It would be sufficient for it to be accessible only via GDM/XDM (since
I don't need remote XDM/GDM logins).


Stefan


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-18-2009, 02:26 AM
Osamu Aoki
 
Default How to let a user login locally with a weak password

Hi,

On Sat, Jan 17, 2009 at 10:08:41PM -0500, Stefan Monnier wrote:
> I'd like to setup an account that can use a weak password.
> To make up for it, the account should only be accessible locally, not
> over the network.

Weak is not easy ... there is minimum number of character for password.
But no password is easy.

> It would be sufficient for it to be accessible only via GDM/XDM (since
> I don't need remote XDM/GDM logins).

GDM can be configured to have default login user who can get desktop
without password.

"System" -> "Administration" -> Login window" -> "Security" -> "Enable
timed login"

Osamu


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-18-2009, 02:30 AM
Raj Kiran Grandhi
 
Default How to let a user login locally with a weak password

Stefan Monnier wrote:

I'd like to setup an account that can use a weak password.
To make up for it, the account should only be accessible locally, not
over the network.
It would be sufficient for it to be accessible only via GDM/XDM (since
I don't need remote XDM/GDM logins).


Stefan


I believe the default settings do not allow remote GDM logins. You can
always run gdmsetup to be sure. As for remote access via ssh, look into
the DenyUsers and DenyGroups directives for sshd_config. Alternatively,
you may prefer to disable password based logins altogether and go with
public key authentication only. Again look at sshd_config(5) for the
relevant configuration directives.








--

If you can't explain it simply, you don't understand it well enough.
-- Albert Einstein


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-18-2009, 02:51 AM
Raj Kiran Grandhi
 
Default How to let a user login locally with a weak password

Osamu Aoki wrote:

Hi,

On Sat, Jan 17, 2009 at 10:08:41PM -0500, Stefan Monnier wrote:

I'd like to setup an account that can use a weak password.
To make up for it, the account should only be accessible locally, not
over the network.


Weak is not easy ... there is minimum number of character for password.
But no password is easy.


Not really. While it is possible to set specific requirements for the
strength of a password. root can always set the password to anything.
IMHO, I see no compelling reason for a strong password for a non
networked home desktop.





It would be sufficient for it to be accessible only via GDM/XDM (since
I don't need remote XDM/GDM logins).


GDM can be configured to have default login user who can get desktop
without password.

"System" -> "Administration" -> Login window" -> "Security" -> "Enable
timed login"

Osamu





--

If you can't explain it simply, you don't understand it well enough.
-- Albert Einstein


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-18-2009, 03:33 AM
Osamu Aoki
 
Default How to let a user login locally with a weak password

On Sun, Jan 18, 2009 at 09:21:23AM +0530, Raj Kiran Grandhi wrote:
> Osamu Aoki wrote:
>> Hi,
>>
>> On Sat, Jan 17, 2009 at 10:08:41PM -0500, Stefan Monnier wrote:
>>> I'd like to setup an account that can use a weak password.
>>> To make up for it, the account should only be accessible locally, not
>>> over the network.
>>
>> Weak is not easy ... there is minimum number of character for password.
>> But no password is easy.
>
> Not really. While it is possible to set specific requirements for the
> strength of a password. root can always set the password to anything.

Oops, Debian default was not to use pam_cracklib.so ... You are right.

> IMHO, I see no compelling reason for a strong password for a non
> networked home desktop.

Me either in some case. no password is ....

Anyway, see /etc/security/limits.conf and pam_limits.so : man pam_limits
This is way how system limits logn to local user.

Osamu


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-18-2009, 10:43 AM
Tzafrir Cohen
 
Default How to let a user login locally with a weak password

On Sat, Jan 17, 2009 at 10:08:41PM -0500, Stefan Monnier wrote:
> I'd like to setup an account that can use a weak password.
> To make up for it, the account should only be accessible locally, not
> over the network.
> It would be sufficient for it to be accessible only via GDM/XDM (since
> I don't need remote XDM/GDM logins).

I used to add an extra line to /etc/pam.d/gdm to allow a list of users
(using pam_listfile.so) to login before checking their passwords.

Assuming you don't use XDMCP, this only allows local logins.

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-18-2009, 08:26 PM
Sven Joachim
 
Default How to let a user login locally with a weak password

On 2009-01-18 04:08 +0100, Stefan Monnier wrote:

> I'd like to setup an account that can use a weak password.
> To make up for it, the account should only be accessible locally, not
> over the network.
> It would be sufficient for it to be accessible only via GDM/XDM (since
> I don't need remote XDM/GDM logins).

Setting the login shell of the user to /bin/true disables local and
remote logins on a terminal, but should allow logins with XDM, see
http://bugs.debian.org/5212. Not sure whether it will work with GDM,
though.

Sven


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-20-2009, 02:18 AM
Stefan Monnier
 
Default How to let a user login locally with a weak password

>> I'd like to setup an account that can use a weak password.
>> To make up for it, the account should only be accessible locally, not
>> over the network.
> Weak is not easy ... there is minimum number of character for password.

That's OK: root (i.e. I) can easily override it.

>> It would be sufficient for it to be accessible only via GDM/XDM (since
>> I don't need remote XDM/GDM logins).
> GDM can be configured to have default login user who can get desktop
> without password.
> "System" -> "Administration" -> Login window" -> "Security" -> "Enable
> timed login"

My system is used by several people, so this is not really an option.


Stefan




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-20-2009, 02:21 AM
Stefan Monnier
 
Default How to let a user login locally with a weak password

> I believe the default settings do not allow remote GDM logins. You can
> always run gdmsetup to be sure.

That's indeed the case.

> As for remote access via ssh, look into the DenyUsers and DenyGroups
> directives for sshd_config.

I guess that's an option, although I don't feel very good about it: it
only stops SSH. What about other means to log in? I try to make sure
only SSH is open, but I may allow other things at some point.
I'd rather say "only GDM" than "anything but SSH".


Stefan


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-20-2009, 02:22 AM
Stefan Monnier
 
Default How to let a user login locally with a weak password

>> I'd like to setup an account that can use a weak password.
>> To make up for it, the account should only be accessible locally, not
>> over the network.
>> It would be sufficient for it to be accessible only via GDM/XDM (since
>> I don't need remote XDM/GDM logins).

> I used to add an extra line to /etc/pam.d/gdm to allow a list of users
> (using pam_listfile.so) to login before checking their passwords.

That sounds promising. Could you give me some details of what it looked
like? But I guess that just allowed them to login without any password
(rather than with a weak password), right? Still, promising.


Stefan


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 10:40 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org