Tails

Care must be taken so that a user cannot mistakenly click a "Lock the screen" button while they have not chosen a password. Here’s some ideas:

Password-less amnesia account

Make the amnesia account password-less by default, and have the "Lock screen" feature do something non-dumb in this situation. This has been tested to work well; when no password is set, locking the screen just starts the screensaver with no lock.

Issues

However, making the amnesia account password-less overrides Tails Greeter. TG can be seen for a split second when X starts and then GNOME starts.

This seems to be PAM-related. It has been tried to disable "nullok_secure" for pam_unix.so ("traditional password authentication"), which means that empty passwords are ok when used on secure tty’s. That prevents gdm from skipping Tails Greeter and go directly to GNOME, but then X aborts with PAM errors when clicking "Login" in Tails Greeter. We should research if we can solve this with PAM in some nice way.

An alternative would be to not make the default user password-less by default and instead have Tails Greeter do it in case an administrative password isn’t set. This would work as expected, and can easily be simulated by setting a root password (using rootpw= on the kernel cmdline) and switching out to a console and running passwd -d amnesia right before clicking "Login" in Tails Greeter.

However, if X restarts after the amnesia user’s password has been deleted (so we didn’t set an administrative password), we’d be back in the same situation; Tails Greeter would be skipped, and any options (e.g. locale) selected in it the previous time wouldn’t be selected this time. OTOH I suppose we assume X restarts won’t happen, so it’s not a big issue.