Feature #5589
Have a password-less amnesia account by default
0%
Description
Care must be taken so that a user cannot mistakenly click a "Lock the screen" button while they have not chosen a password. Here are some ideas:
Password-less amnesia account
Make the amnesia account password-less by default, and have the "Lock screen" feature do something non-dumb in this situation. This has been tested to work well; when no password is set, locking the screen just starts the screensaver with no lock.
Issues
However, making the amnesia account password-less overrides Tails Greeter. TG can be seen for a split second when X starts and then GNOME starts.
This seems to be PAM-related. It has been tried to disable "nullok_secure" for pam_unix.so ("traditional password authentication"), which means that empty passwords are OK when used on secure ttys. That prevents gdm from skipping Tails Greeter and going directly to GNOME, but then X aborts with PAM errors when clicking "Login" in Tails Greeter. We should research if we can solve this with PAM in some nice way.
An alternative would be to not make the default user password-less by default and instead have Tails Greeter do it in case an administrative password isn’t set. This would work as expected, and can easily be simulated by setting a root password (using rootpw= on the kernel cmdline) and switching out to a console and running passwd -d amnesia right before clicking "Login" in Tails Greeter.
However, if X restarts after the amnesia user’s password has been deleted (so we didn’t set an administrative password), we’d be back in the same situation; Tails Greeter would be skipped, and any options (e.g. locale) selected in it the previous time wouldn’t be selected this time. OTOH I suppose we assume X restarts won’t happen, so it’s not a big issue.
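The account and PAM states described above can be told apart without attempting a login. The following is an added example, not part of the ticket or of Tails' code; the function names and the sample shadow and PAM files are constructed for illustration, and the PAM sample is only modelled on a Debian-style auth stack.

```shell
#!/bin/sh
# Added example: classify an account by its shadow entry and by the
# null-password option given to pam_unix.so in a PAM auth stack.

# Print every user whose shadow password field is empty (what "passwd -d" leaves).
empty_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print "nullok", "nullok_secure" or "none" for the auth pam_unix.so line(s).
pam_null_policy() {
    awk '$1 == "auth" && /pam_unix\.so/ {
             for (i = 1; i <= NF; i++) {
                 if ($i == "nullok") found = "nullok"
                 else if ($i == "nullok_secure" && found == "") found = "nullok_secure"
             }
         }
         END { print (found == "" ? "none" : found) }' "$1"
}

# audit_account USER SHADOW_FILE PAM_FILE
audit_account() {
    if ! empty_password_users "$2" | grep -qxF "$1"; then
        echo "password-set"; return
    fi
    case $(pam_null_policy "$3") in
        nullok)        echo "empty-accepted-everywhere" ;;
        nullok_secure) echo "empty-accepted-on-secure-tty" ;;
        *)             echo "empty-rejected" ;;
    esac
}

# Constructed sample files (not taken from a real Tails image).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
amnesia::19000:0:99999:7:::
EOF
cat > "$demo/common-auth" <<'EOF'
auth  [success=1 default=ignore]  pam_unix.so nullok_secure
auth  requisite                   pam_deny.so
EOF
# Same stack with the option removed, as tried in the ticket.
sed 's/ nullok_secure//' "$demo/common-auth" > "$demo/common-auth.strict"

for f in common-auth common-auth.strict; do
    echo "$f: amnesia -> $(audit_account amnesia "$demo/shadow" "$demo/$f")"
done
```

On a live system the same functions can be pointed at /etc/shadow (as root) and the relevant file under /etc/pam.d.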
Subtasks
Related issues
Is duplicate of Tails - |
Resolved | 2014-12-03 |
History
#1 Updated by Tails 2013-07-18 10:36:54
- Parent task set to Feature #5684
#2 Updated by intrigeri 2013-07-19 02:49:04
- Priority changed from Normal to Elevated
#3 Updated by BitingBird 2014-06-09 10:04:40
- Subject changed from have a password-less amnesia account by default to Have a password-less amnesia account by default
- Starter set to No
#4 Updated by intrigeri 2014-12-20 12:39:13
- related to Feature #8383: Research technical possibilities to implement a password prompt for screen locking added
#5 Updated by BitingBird 2015-08-25 14:00:49
- related to deleted (Feature #8383: Research technical possibilities to implement a password prompt for screen locking)
#6 Updated by BitingBird 2015-08-25 14:00:57
- Status changed from Confirmed to Duplicate
#7 Updated by BitingBird 2015-08-25 14:01:07
- is duplicate of Feature #8383: Research technical possibilities to implement a password prompt for screen locking added