[Bug 1200283] Re: Consider using nullok instead of nullok_secure to allow for passwordless login feature

Steve Langasek steve.langasek at canonical.com
Thu Jul 11 16:56:32 UTC 2013


The implications of using 'nullok' instead of 'nullok_secure' are that
*all* services will allow passwordless access to the account, including
remote services.  It is not reasonable to use 'nullok' as a system-level
setting, because this means, for instance, that if the user installs
openssh-server, their machine can instantly be rooted remotely.

So pam is the wrong place to solve this.  It seems to me that the system
settings panel should instead directly manage a combination of lightdm,
policykit, and sudo configuration options to enable passwordless access.

** Changed in: pam (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1200283

Title:
  Consider using nullok instead of nullok_secure to allow for
  passwordless login feature

Status in "pam" package in Ubuntu:
  Won't Fix

Bug description:
  As part of the Security & Privacy panel in System Settings, mpt
  proposed allowing users to easily set their account to log in without
  a password. (This feature actually already exists in the User Accounts
  panel but it's a bit hard-to-discover). A user needs admin rights to
  set this option.

  However, setting this option breaks sudo and policykit authentication
  prompts.

  mdeslaur believes this is because Ubuntu uses nullok_secure instead of
  nullok in the default pam configuration.

  You can read the underlying conversation at
  http://irclogs.ubuntu.com/2013/07/11/%23ubuntu-desktop.html#t14:57

  The mockup is at https://wiki.ubuntu.com/SecurityAndPrivacySettings

  ProblemType: Bug
  DistroRelease: Ubuntu 13.10
  Package: libpam-modules 1.1.3-8ubuntu3
  ProcVersionSignature: Ubuntu 3.10.0-2.9-generic 3.10.0
  Uname: Linux 3.10.0-2-generic x86_64
  ApportVersion: 2.10.2-0ubuntu4
  Architecture: amd64
  Date: Thu Jul 11 11:37:47 2013
  InstallationDate: Installed on 2013-06-14 (27 days ago)
  InstallationMedia: Ubuntu-GNOME 13.10 "Saucy Salamander" - Alpha amd64 (20130613)
  MarkForUpload: True
  SourcePackage: pam
  UpgradeStatus: No upgrade log present (probably fresh install)
