https://bugzilla.novell.com/show_bug.cgi?id=833253
https://bugzilla.novell.com/show_bug.cgi?id=833253#c19
Felix Miata
There is a very fast solution to your issue.
You edit the file /etc/pam.d/common-auth
I think not. That is a symlink to common-auth-pc, which contains the following (in 13.2) first lines: #%PAM-1.0 # # This file is autogenerated by pam-config. All changes # will be overwritten. That file exists in neither Mageia 4 nor Fedora 20 nor Rawhide. F20 does have something similar, though larger in uncommented line count, passwd-auth-ac: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account required pam_permit.so password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so
and there should be two lines in there:
auth required pam_env.so auth required pam_unix2.so
Behind each of the above lines you put the word nullok, so that it looks like this:
auth required pam_env.so nullok auth required pam_unix2.so nullok
Save the file and your issue is resolved. Users no longer require a password if there is no password defined and the behavior is now as you want it.
If you had read my comment (comment#12) and had looked at the pam settings and manuals instead of bringing up all kind of historical information about how older versions were able to do this, etc, then you could have easily resolved the issue yourself !!
You assume too much. I get little out of man pages due to their extreme dearth of examples. You referred to pam, but I know nothing about pam, as I never needed to know until now. And I still don't really. man pam is barely a screenful, with no reference to common-auth or common-auth-pc. I don't expect your suggested edits to help anything given the warning comment in that config file.
But with the information provided in this comment, I am closing this bug report as resolved as that it is possible to have the required behavior if you set up the system in that way. That it is not the default setup as that it was in the past is a different story, but I guess editing two files as a system administrator should be easy enough.
Easy enough maybe only with readily discoverable and understandible docs, and certainly not as easy as in previous releases and competing distros. This particular added complication makes dispensing with normal users and doing all as root look inviting too. This impediment was not part of previous openSUSEes, and remains not in Fedora 20, Fedora 21, and Mageia 4, to edit any config files in order to enable a user to require no password to login. Now as before in both Fedora and Mageia, passwd -d username is all that's required to enable passwordless vtty login. The passwd -d method never worked in openSUSE (why?), but passwd would accept null passwords for non-root users (unlike all other distros I can recall ATM). So, I'm reopening, on account of no indication how to cause the desired result without suggested edits being overwritten at autogeneration time, whenever that is. Where does one put nullok that automagic will put it in instead of stripping it out? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.